ComputerForum.com
Old 10-12-2006, 06:56 AM   #1 (permalink)
New Member
 
Join Date: Jan 2005
Posts: 19
Default I can't seem to get rid of this virus! Please help

Hi,

Last night, when I was downloading something, I seemed to have picked up this strange virus. In the bottom right corner (the mini toolbar with the clock), there was a flashing yellow exclamation mark, and my home page (Google) wouldn't load; instead a page would load that would tell me to pay 50 dollars to get rid of my virus... I scanned my virus programs (Spybot and Ad-Aware), and it did not get rid of the problem. I turned on my computer today, and now my home page loads, but about once every 30 seconds, a new window appears, which tells me all these viruses I have, and I have to close it, and it pops up again, then I close it and it won't come back for a few minutes.

Please help! I have never had any major problems with viruses on this computer before.

Here is my HijackThis info.

I don't see how anyone can make anything outta this, but this is what the sticky told me to do.

Thanks in advance for your help.
It is sincerely appreciated, as I can't afford to bring my computer in to be fixed right now.

Logfile of HijackThis v1.99.1
Scan saved at 11:47:17 PM, on 11/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SoftCodec\isamonitor.exe
C:\Program Files\SoftCodec\pmsngr.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Blitzz\802.11g USB Adapter BWU723\ZDWlan.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SoftCodec\pmmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\SoftCodec\isaddon.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Program Files\SoftCodec\iesplugin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WLAN Utility.lnk = C:\Program Files\Blitzz\802.11g USB Adapter BWU723\ZDWlan.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe
O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FA6E94F-B7C2-47A9-BC73-8B4253928370}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
dwarfy.mafia is offline   Reply With Quote


Old 10-12-2006, 02:24 PM   #2 (permalink)
Platinum Member
 
Join Date: Jan 2006
Posts: 567
Default

Do you still require assistance?
edifier is offline   Reply With Quote
Old 10-13-2006, 04:59 AM   #3 (permalink)
New Member
 
Join Date: Jan 2005
Posts: 19
Default

yes please!
dwarfy.mafia is offline   Reply With Quote
Old 10-13-2006, 05:19 AM   #4 (permalink)
Platinum Member
 
Join Date: Jan 2006
Posts: 567
Default

Download SmitfraudFix (by S!Ri) http://siri.urz.free.fr/Fix/SmitfraudFix.zip to your Desktop.
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.


Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Post this log.
edifier is offline   Reply With Quote
Old 10-13-2006, 11:11 AM   #5 (permalink)
Silver Member
 
leeroyMarv's Avatar
 
Join Date: Jun 2006
Posts: 181
Default

Haven't finished checking the log yet but found this;
Trojan-Downloader.Zlob.Media-Codec
Type: Malware
Type Description: Malware ("malicious software") consists of software with clearly malicious, hostile, or harmful functionality or behavior and that is used to compromise and endanger individual PCs as well as entire networks.
Category: Trojan Downloader
Category Description: A Trojan Downloader is a program typically installed through an exploit or some other deceptive means and that facilitates the download and installation of other malware and unwanted software onto a victim's PC. A Trojan Downloader may download adware, spyware or other malware from multiple servers or sources on the internet.
Level: High
Level Description: High risk threats are typically installed without user interaction through security exploits, and can severely compromise system security. Such threats may open illicit network connections, use polymorphic tactics to self-mutate, disable security software, modify system files, and install additional malware. These threats may also collect and transmit personally identifiable information (PII) without your consent and severely degrade the performance and stability of your computer.
Advice Type: Remove
Description: Trojan-Downloader.Zlob.Media-Codec is a program that typically purports to be a needed upgrade to Windows Media Player in order to view adult oriented videos on certain websites. However, Trojan-Downloader.Zlob.Media-Codec actually downloads and installs additional malware on the user's machine.
Add. Description: Trojan-Downloader.Zlob.Media-Codec often silently downloads and installs rogue security programs such as SpywareQuake, SpyFalcon and WinAntivirusPro, but may install other malware as well. Some variants of Trojan-Downloader.Zlob.Media-Codec have backdoor functionality, giving a remote attacker the ability to control and use the infected machine for malicious purposes.
File Traces: %PROGRAM_FILES%\icodecpack\isamonitor.exe

and

pmsngr.exe is a process associated with Trojan.Media-Codec.Process from NA. pmsngr.exe
i.e. it is related to the other file; isamonitor.exe
You really should scan those files, they appear to be a trojan

C:\Program Files\SoftCodec\pmmon.exe
This one also appears to be part of the trojan. What is this SoftCodec folder you have, do you know what it is? All the stuff in it seems to be part of a trojan

SoftCodec is apparently supposed to be a multimedia compressor for Windows, but the files in it are trojans; 'Trojan.SoftCodec Spyware'. You should scan it with a good free antivirus like AVG; free.grisoft.com/ and anti-spyware; Ad-Aware; www.lavasoft.de/software/adaware/
But I still think those files are viruses.

Last edited by leeroyMarv; 10-13-2006 at 11:37 AM.
leeroyMarv is offline   Reply With Quote


Old 10-13-2006, 09:21 PM   #6 (permalink)
Bronze Member
 
Pizzaman's Avatar
 
Join Date: Oct 2006
Age: 17
Posts: 53
Default

Sounds like the about:blank virus I had a couple months back. Takes ages to get rid of. I ended up having to go into the registry files and removing a file called appinit.dll. Here is a link: http://www.akadia.com/services/about_blank_virus.html
and another i used:
http://www.pchell.com/support/aboutblank.shtml
Pizzaman is offline   Reply With Quote
Old 10-14-2006, 07:34 PM   #7 (permalink)
New Member
 
Join Date: Jan 2005
Posts: 19
Default

SmitFraudFix v2.109

Scan done at 12:32:32.15, 14/10/2006
Run from C:\Downloads\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\dpfwu.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Camsta


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Camsta\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Camsta\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\SoftCodec\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="about:Home"
"SubscribedURL"="about:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



That is the log I got.


And leeroy, I'm not too sure what the SoftCodec thing is, but it's not something I need or use.
dwarfy.mafia is offline   Reply With Quote
Old 10-14-2006, 08:16 PM   #8 (permalink)
Platinum Member
 
Join Date: Jan 2006
Posts: 567
Default

Go to ADD/REMOVE Programs and uninstall all versions of 'Java'. Then proceed here - http://java.sun.com/javase/downloads/index.jsp and install - 'Java Runtime Environment (JRE) 5.0 Update 9'. Also uninstall the following if you did not install them.

Noble Poker
PartyPoker

Go to 'Control Panel/folder options/view' and check 'show hidden files and folders'. While there, UNCHECK 'hide protected operating system files (recommended)'. Click Apply and Okay.

Download Ewido (AVG Antispyware) http://www.ewido.net/en/download/ then set it up this way http://rstones12.geekstogo.com/ewidosetup.htm You will need this later in safe mode.
Make sure to update this program.

Download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ You will need it later in safe mode.

Reboot your computer in Safe Mode by doing the following.

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Please make sure ALL security programs including 'Spybot', your Antivirus, Ewido, etc, are disabled until they are needed. They may interfere with the cleaning process.

Run Smitfraud

* Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
* Select option #2 - Clean by typing 2 and press Enter.
* Wait for the tool to complete and disk cleanup to finish.
* You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
* The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode. Save this log.

Navigate to the following folder and delete if still present.

C:\Program Files\SoftCodec

From safemode, run HijackThis and put a check by the following entries if still present, close all open windows and browsers except HijackThis and click 'Fix Checked'

O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\SoftCodec\isaddon.dll
O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Program Files\SoftCodec\iesplugin.dll
O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe
O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

Exit Hijack This but remain in safe mode.

Run Ewido - make sure of the following settings.

Select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"

Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"
Save this scan log.

Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox also, select at top of ATF cleaner - tick Select all and run again.

Reboot into normal windows, run ATF cleaner again and post a fresh 'HJT' log along with the safemode scan logs from Ewido and SmitFraudFix.
edifier is offline   Reply With Quote
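
The cross-check the helper performs by eye between the SmitfraudFix report (post #7) and the HijackThis log (post #1), as an added example that is not part of the thread or of either tool: it flags HijackThis lines that reference a path SmitfraudFix reported as FOUND, or that HijackThis itself marks "(file missing)". The function names and the two sample strings (a few lines copied from the logs above) belong to this example only; flagged lines are candidates for review, not a fix list.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section text")
Finding = namedtuple("Finding", "section reason text")

# Constructed sample: a few lines copied from the HijackThis log in post #1.
SAMPLE_HJT = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\SoftCodec\isamonitor.exe
C:\Program Files\SoftCodec\pmsngr.exe
C:\Program Files\QuickTime\qttask.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\SoftCodec\isaddon.dll
O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Program Files\SoftCodec\iesplugin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

# Constructed sample: the FOUND lines from the SmitfraudFix search report in post #7.
SAMPLE_SMITFRAUD = r"""SmitFraudFix v2.109
Fix run in normal mode

C:\WINDOWS\system32\dpfwu.dll FOUND !
C:\Program Files\SoftCodec\ FOUND !
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O2 - BHO: ..."
FOUND_RE = re.compile(r"^(.+?)\s+FOUND !$")          # e.g. "C:\path FOUND !"


def smitfraud_found(report):
    """Return the paths SmitfraudFix option 1 (Search) reported as FOUND."""
    paths = []
    for line in report.splitlines():
        m = FOUND_RE.match(line.strip())
        if m:
            paths.append(m.group(1))
    return paths


def parse_hijackthis(log):
    """Split a HijackThis log into running processes ("PROC") and coded entries."""
    entries, in_procs = [], False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                entries.append(Entry("PROC", line))
            else:
                in_procs = False      # a blank line ends the process list
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(entries, bad_paths):
    """Flag entries that reference a reported path or a missing target file."""
    findings = []
    lowered = [p.lower() for p in bad_paths]   # Windows paths are case-insensitive
    for e in entries:
        text = e.text.lower()
        if any(p in text for p in lowered):
            findings.append(Finding(e.section, "path reported by SmitfraudFix", e.text))
        elif text.endswith("(file missing)"):
            findings.append(Finding(e.section, "target file missing", e.text))
    return findings


if __name__ == "__main__":
    bad = smitfraud_found(SAMPLE_SMITFRAUD)
    for f in triage(parse_hijackthis(SAMPLE_HJT), bad):
        print(f"{f.section:<5} {f.reason:<30} {f.text}")
```

The O18 msnim line is flagged as "file missing" even though it is not among the entries post #8 asks to fix, which is why the output needs a human decision per line.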
Old 10-15-2006, 10:41 PM   #9 (permalink)
New Member
 
Join Date: Jan 2005
Posts: 19
Default

Hi, thx for all the help so far!

I did what you told me to do, and here are the logs I have




SmitFraudFix v2.109

Scan done at 16:20:21.84, 14/10/2006
Run from C:\Downloads\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\dpfwu.dll Deleted
C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\SoftCodec\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End






--------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:34:13 PM 14/10/2006

+ Scan result:



C:\Downloads\SetupPoker.exe -> Adware.Casino : No action taken.
C:\System Volume Information\_restore{C1BA3EC0-6DD3-4C77-9BE2-2E0F8E04EC34}\RP508\A0091821.exe -> Adware.Casino : No action taken.
HKU\S-1-5-21-1137396071-3439514860-3377727607-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{479FD0CF-5BE9-4C63-8CDA-B6D371C67BD5} -> Adware.Generic : No action taken.
C:\Program Files\filesubmit\kaleidascope_ss.zip\NNWDAC638.EXE -> Adware.NewDotNet : No action taken.
C:\System Volume Information\_restore{C1BA3EC0-6DD3-4C77-9BE2-2E0F8E04EC34}\RP503\A0091395.exe -> Adware.NewDotNet : No action taken.
C:\System Volume Information\_restore{C1BA3EC0-6DD3-4C77-9BE2-2E0F8E04EC34}\RP503\A0091396.exe -> Adware.NewDotNet : No action taken.
C:\System Volume Information\_restore{C1BA3EC0-6DD3-4C77-9BE2-2E0F8E04EC34}\RP503\A0091476.dll -> Adware.NewDotNet : No action taken.
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : No action taken.
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : No action taken.
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : No action taken.
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : No action taken.
HKU\S-1-5-21-1137396071-3439514860-3377727607-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : No action taken.
C:\System Volume Information\_restore{C1BA3EC0-6DD3-4C77-9BE2-2E0F8E04EC34}\RP508\A0091862.dll -> Adware.ProtectionBar : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@122.2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@livedealcom.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@maxim.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@wrigley.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@as.casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@cz4.clickzs[2].txt -> TrackingCookie.Clickzs : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@com[1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6wfk4uhcpceo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6wfkikjajslq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6wfkyskd5aao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6wfkyunazmep.stats.esomniture[1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6wfl4cgd5eeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6wflianazaao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6wflicjd5elp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6wflioldzkap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6wfliuldzkbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6wfliwkc5who.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6wfmiahcpmkp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6wfmyaiajsap.stats.esomniture[1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6wfmysldpafp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6wgkiopczsho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6wgkouic5wgq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6whk4gncjmdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6whkiqodjklo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6whkosgdjchq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6whkywmdpokp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6whlyekd5khp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6wjk4aid5khp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6wjk4aidjiep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6wjk4cod5oho.stats.esomniture[1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6wjk4skdzkbp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6wjk4undpgbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6wjkokgczscp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6wjkooodpgap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6wjkoqod5shq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6wjkyggdzobp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6wjkysjd5wbq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6wjkyuldzaaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6wjl4wiczilo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6wjliulcpslo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6wjloalazslo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6wjloandzmcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6wjmyanazgkq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6wjny-1iczwd.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6wjnyalazofp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6wjnyekazslo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6wjnygkdzsbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@e-2dj6wjnyunajegp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Camsta\Local Settings\Temp\Cookies\camsta@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@ivwbox[1].txt -> TrackingCookie.Ivwbox : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@image.masterstats[1].txt -> TrackingCookie.Masterstats : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@oewabox[1].txt -> TrackingCookie.Oewabox : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@data2.perf.overture[2].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@ads.planetactive[1].txt -> TrackingCookie.Planetactive : No action taken.
C:\Documents and Settings\Camsta\Local Settings\Temp\Cookies\camsta@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Camsta\Local Settings\Temp\Cookies\camsta@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@h.starware[1].txt -> TrackingCookie.Starware : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@try.starware[1].txt -> TrackingCookie.Starware : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@anad.tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@login.tracking101[2].txt -> TrackingCookie.Tracking101 : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@trafficmp[1].txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@reduxads.valuead[1].txt -> TrackingCookie.Valuead : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@yadro[1].txt -> TrackingCookie.Yadro : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Camsta\Local Settings\Temp\Cookies\camsta@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Camsta\Cookies\camsta@zedo[2].txt -> TrackingCookie.Zedo : No action taken.


::Report end
dwarfy.mafia is offline   Reply With Quote
Old 10-15-2006, 11:58 PM   #10 (permalink)
Platinum Member
 
Join Date: Jan 2006
Posts: 567
Default

You did not have Ewido delete all those baddies. Please do the following.

Look in ADD/REMOVE Programs for 'NewDotNet'. If there, uninstall it.

Update Ewido and reboot into safemode again. Run Ewido and 'Delete' whatever it finds. Once completed, save the scan log.

Run ATF cleaner.

Reboot into normal windows and post the Ewido safemode scan log and a new HijackThis log.
edifier is offline   Reply With Quote