
Can any one help me please system prob [HijackThis log]

Discussion in 'Malware and Virus Removal Archive' started by chr0nic, 2006/07/04.

Thread Status:
Not open for further replies.
  1. 2006/07/04
    chr0nic

    chr0nic Inactive Thread Starter

    Joined:
    2006/07/04
    Messages:
    13
    Likes Received:
    0
    Hey there, I'm new to all this and I have never had this error before. I keep getting "Task Manager has been shut off", cmd won't run, is disabled by group, and regedit is disabled. I have read what has been said and I have fixed it, but every time I reboot it all comes back. Here is my HijackThis log; please can someone help me.

    thx for your time reading this
    rico

    Logfile of HijackThis v1.99.1
    Scan saved at 12:36:09 AM, on 05/07/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\Explorer.exe
    C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
    C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
    C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    C:\WINDOWS\System32\SK2690DM.EXE
    C:\WINDOWS\System32\RunDll32.exe
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Chameleon Clock\ChamClock.exe
    C:\Program Files\utorrent.exe
    C:\PROGRA~1\SPYWAR~2\swdoctor.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Digital Asphyxia\Y!TunnelPro 2.0\YTPro.exe
    C:\PROGRA~1\AIM\aim.exe
    C:\Program Files\amnotebook\notebook.exe
    C:\Program Files\Ontrack\PowerDesk\PDExplo.exe
    C:\WINDOWS\Slave.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender9\vsserv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\hjt\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ntlworld.com/
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\antivir.exe
    F3 - REG:win.ini: load=C:\WINDOWS\System32\antivir.exe
    F3 - REG:win.ini: run=C:\WINDOWS\System32\antivir.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
    O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [Hot Key Kbd 2690 Daemon] SK2690DM.EXE
    O4 - HKLM\..\Run: [MSF_Monitor] RunDll32.exe C:\PROGRA~1\MYSECR~1\MSF32.dll,Start
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\System32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\utorrent.exe"
    O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~2\swdoctor.exe /Q
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Y!TunnelPro] C:\Program Files\Digital Asphyxia\Y!TunnelPro 2.0\YTPro.exe
    O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: AM-Notebook.lnk = C:\Program Files\amnotebook\notebook.exe
    O4 - Startup: PowerDesk.lnk = C:\Program Files\Ontrack\PowerDesk\PDExplo.exe
    O4 - Startup: UltraMon.lnk = C:\Program Files\UltraMon\UltraMon.exe
    O4 - Global Startup: UltraMon.lnk = C:\Program Files\UltraMon\UltraMon.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
    O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: Media Center - C:\WINDOWS\system32\en4ml1h11.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: RA Server (Slave) - TWD Industries SAS - C:\WINDOWS\Slave.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
     
  2. 2006/07/05
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Hi and welcome to WindowsBBS Forums.

    It appears you may have a Look2Me variant, but to confirm, I'd like to run a search scan. I see one file which is related, others may be hidden.

    And another file I see points to a worm which disables things like task manager and or anti virus apps.

    Download L2mfix from one of these two locations:

    http://www.atribune.org/downloads/l2mfix.exe
    http://www.downloads.subratam.org/l2mfix.exe

    Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

    IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so! This Fix must NOT be run in safe mode for it to work.

    If you receive, while running option #1, an error similar to: "C:\windows\system32\cmd.exe
    C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application." then please use option 5 or the web page link in the l2mfix folder to solve this error condition. Do not run the fix portion without fixing this first.

    PS: This is also posted in the wrong forum, maybe a mod will move it for us.
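
Added example, not part of the original thread and not the helper's own tooling: a small triage pass over HijackThis lines like those posted above, picking out the entry types that re-run a program at every logon (F2 Shell/Userinit, F3 load/run, O20 Winlogon Notify). The rule set and the names `triage`, `Finding` and `SAMPLE_LOG` are assumptions of this example; it also handles `UserInit=`, which does not appear in this log.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "code kind target detail")

# Constructed sample: five lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\antivir.exe
F3 - REG:win.ini: load=C:\WINDOWS\System32\antivir.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O20 - Winlogon Notify: Media Center - C:\WINDOWS\system32\en4ml1h11.dll (file missing)
O23 - Service: RA Server (Slave) - TWD Industries SAS - C:\WINDOWS\Slave.exe
"""

LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
F2_RE = re.compile(r"\b(Shell|UserInit)=(.*)$", re.IGNORECASE)
F3_RE = re.compile(r"\b(load|run)=(.*)$", re.IGNORECASE)
O20_RE = re.compile(r"^Winlogon Notify:\s*(.+?)\s+-\s+(.+?)(\s+\(file missing\))?$")


def check_f2(body):
    """Flag Shell/Userinit values that start more than the stock program."""
    m = F2_RE.search(body)
    if not m:
        return None
    key, value = m.group(1).lower(), m.group(2).strip()
    if key == "shell":
        # Stock value is just "Explorer.exe"; anything after it also runs at logon.
        if value.lower().startswith("explorer.exe"):
            extra = value[len("explorer.exe"):].strip()
        else:
            extra = value  # the shell itself was replaced
    else:
        # Userinit is a comma-separated list; the stock entry is userinit.exe.
        parts = [p.strip() for p in value.split(",") if p.strip()]
        extra = ", ".join(p for p in parts if not p.lower().endswith("userinit.exe"))
    return Finding("F2", key, extra, "runs at every logon") if extra else None


def check_f3(body):
    """Flag non-empty legacy win.ini load=/run= values."""
    m = F3_RE.search(body)
    if m and m.group(2).strip():
        return Finding("F3", m.group(1).lower(), m.group(2).strip(), "runs at every logon")
    return None


def check_o20(body):
    """Report Winlogon Notify packages (DLLs loaded by winlogon.exe)."""
    m = O20_RE.match(body)
    if not m:
        return None
    detail = "file missing on disk" if m.group(3) else "file present"
    return Finding("O20", "winlogon_notify", m.group(2), detail)


CHECKS = {"F2": check_f2, "F3": check_f3, "O20": check_o20}


def triage(log_text):
    """Return the logon-time autostart findings in a HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header lines, running processes, blank lines
        check = CHECKS.get(m.group(1))
        finding = check(m.group(2)) if check else None
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{f.kind:<16}{f.target}  ({f.detail})")
```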
     


  4. 2006/07/05
    chr0nic

    chr0nic Inactive Thread Starter

    Joined:
    2006/07/04
    Messages:
    13
    Likes Received:
    0
    I did as you said, here's the info

    L2MFIX find log 051206
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Media Center]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\en4ml1h11.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{0B1ED9DB-95AD-723C-0AFE-4226CB2B35B4}"=""

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    **********************************************************************************
    Files Found are not all bad files:

    C:\WINDOWS\SYSTEM32\
    bassmod.dll Tue 27 Jun 2006 1:03:16 A.... 14,848 14.50 K
    legitc~1.dll Wed 17 May 2006 11:23:38 A.... 579,888 566.30 K

    2 items found: 2 files, 0 directories.
    Total of file sizes: 594,736 bytes 580.80 K
    Locate .tmp files:

    No matches found.
    **********************************************************************************
    Directory Listing of system files:
    Volume in drive C is Main
    Volume Serial Number is 28C6-E691

    Directory of C:\WINDOWS\System32

    04/07/2006 11:56 PM <DIR> dllcache
    04/07/2006 07:36 PM 181,442 antivir.exe
    04/07/2006 07:36 PM 181,442 3NSb47q1lo.ini
    22/06/2006 06:33 AM 952 KGyGaAvL.sys
    19/03/2006 01:39 AM <DIR> Microsoft
    3 File(s) 363,836 bytes
    2 Dir(s) 3,403,210,752 bytes free
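
Added example, not part of the original thread and not L2mfix's own logic: a reader for the regedit-style export in the log above that decodes each Winlogon Notify subkey's `DllName` (including the UTF-16LE `hex(2)` form) and lists the entries that name a full path instead of a bare DLL. The full-path rule is a heuristic assumed for this example, based on every other entry in this log naming a bare file; the function names are this example's own.

```python
import re

# Constructed sample: three subkeys taken from the L2mfix log above,
# written in regedit's standard quoting.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Media Center]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\en4ml1h11.dll"
"Logon"="WinLogon"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
NOTIFY = "\\winlogon\\notify\\"


def decode_value(raw):
    """Decode one right-hand side of a .reg line into a Python value."""
    raw = raw.strip()
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        # REG_SZ: backslash escapes the next character (\\ and \").
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    if raw.startswith("hex(2):"):
        # REG_EXPAND_SZ: comma-separated bytes of a NUL-terminated UTF-16LE string.
        data = bytes.fromhex(raw.split(":", 1)[1].replace(",", ""))
        return data.decode("utf-16-le").rstrip("\x00")
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    return raw


def parse_reg(text):
    """Return {key path: {lower-cased value name: decoded value}}."""
    # Long hex values continue on the next line after a trailing backslash.
    text = re.sub(r"\\\r?\n[ \t]*", "", text)
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            # Registry value names are case-insensitive (DllName vs DLLName).
            current[m.group(1).lower()] = decode_value(m.group(2))
    return keys


def notify_packages(text):
    """Map each direct Winlogon\\Notify subkey to its decoded DllName."""
    packages = {}
    for key, values in parse_reg(text).items():
        idx = key.lower().find(NOTIFY)
        if idx < 0:
            continue
        subkey = key[idx + len(NOTIFY):]
        if "\\" not in subkey and values.get("dllname"):
            packages[subkey] = values["dllname"]
    return packages


def entries_with_path(packages):
    """Heuristic of this example: entries that name a full path."""
    return [(n, d) for n, d in packages.items() if "\\" in d or "/" in d]


if __name__ == "__main__":
    pkgs = notify_packages(SAMPLE_REG)
    for name, dll in pkgs.items():
        print(f"{name:<14}{dll}")
    print("review:", entries_with_path(pkgs))
```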
     
  5. 2006/07/05
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    OK, after some consulting the line I think is an infection may just be remnants, which Ewido will find an kill off.

    First download Ewido Anti-Spyware from HERE and save that file to your desktop.
    This is a 30 day trial of the program
    1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    2. Once the setup is complete you will need run ewido and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine ".
    6. Under "Reports "
      • Select "Automatically generate report after every scan "
      • Un-Select "Only if threats were found "
    Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.
    1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
      IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process.
    2. Launch ewido anti-spyware by double-clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    4. ewido will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    5. If you have any infections you will be prompted, then select "Apply all actions"
    6. Next select the "Reports" icon at the top.
    7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    8. Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan.
     
  6. 2006/07/05
    chr0nic

    chr0nic Inactive Thread Starter

    I did everything said, and when I rebooted into normal mode I still can't do Alt Ctrl Del to get the Task Manager up, but here is the log you said to post. Thanks for all this help, I hope I can get it fixed.

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 2:07:49 AM 06/07/2006

    + Scan result:



    HKLM\SOFTWARE\AKSoft -> Adware.AkSoft : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\AKSoft\X-Tractor -> Adware.AkSoft : Cleaned with backup (quarantined).
    C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
    E:\Games\Little Games\SeaWar2\cd_shell.dll -> Adware.Cydoor : Cleaned with backup (quarantined).
    C:\WINDOWS\ѕecurity\rυndll.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
    D:\Apps\Movies & Music\Magic DVD Copier v4.2.2-ViRTiLiTY.rar/Magic DVD Copier v4.2.2-ViRTiLiTY\keygen.exe -> Adware.WinAD : Cleaned with backup (quarantined).
    D:\Apps\Movies & Music\Magic DVD Copier v4.2.2-ViRTiLiTY.rar/Magic DVD Copier v4.2.2-ViRTiLiTY\keygen.rar/keygen.exe -> Adware.WinAD : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\3NSb47q1lo.ini -> Backdoor.Ciadoor.13 : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\antivir.exe -> Backdoor.Ciadoor.13 : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\wsock32.sys -> Backdoor.Ciadoor.13 : Cleaned with backup (quarantined).
    C:\Downloads\Books + Text + Stuff\Bits + Bobs\mirc scripts\protection2[03-02].zip/protectioný.mrc -> Backdoor.Logare : Cleaned with backup (quarantined).
    D:\Apps\Internet Programs\Trillian Pro v3.1 Build 121 FINAL.rar/Trillian Pro v3.1 Build 121 FINAL\Internet Explorer Security.exe -> Downloader.Agent.a : Cleaned with backup (quarantined).
    D:\Apps\Internet Programs\FlashFXP v3.4 Build 1140.rar/vd-fxp34\patch.exe -> Downloader.Delf.ain : Cleaned with backup (quarantined).
    D:\Apps\Normal Programs\Alcohol.120.v1.9.5.4212.Retail.WinALL.Cracked-BLiZZARD.rar/Alcohol.120.v1.9.5.4212.Retail.WinALL.Cracked-BLiZZARD\blz-a120_1954212-patch.exe -> Downloader.Delf.ain : Cleaned with backup (quarantined).
    :mozilla.887:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
    :mozilla.888:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
    :mozilla.889:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
    :mozilla.271:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.272:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.273:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.274:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.275:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.276:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.277:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.278:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.279:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.280:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.281:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.282:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.283:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.284:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.285:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.286:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.287:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.288:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.289:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.290:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.291:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.292:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.293:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.294:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.295:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.296:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.297:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.298:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.299:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.300:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
     
  7. 2006/07/05
    chr0nic

    chr0nic Inactive Thread Starter

    :mozilla.301:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.302:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.303:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.304:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.305:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.306:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.307:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.308:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.309:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.312:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.369:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.559:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.560:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.561:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.945:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.246:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
    :mozilla.247:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
    :mozilla.248:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
    :mozilla.37:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
    :mozilla.38:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
    :mozilla.39:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
    :mozilla.471:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
    :mozilla.595:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.596:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.597:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.598:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.599:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.682:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
    :mozilla.367:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
    :mozilla.368:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
    :mozilla.132:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.133:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.134:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.135:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.136:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.763:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Adviva : Cleaned with backup (quarantined).
    :mozilla.117:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    :mozilla.372:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
    :mozilla.648:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
    :mozilla.649:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
    :mozilla.651:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
    :mozilla.621:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.622:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.623:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.624:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.625:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.626:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.335:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
    :mozilla.262:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
    :mozilla.263:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
    :mozilla.728:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
    :mozilla.729:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
    :mozilla.310:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
    :mozilla.830:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Commission-junction : Cleaned with backup (quarantined).
    :mozilla.831:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Commission-junction : Cleaned with backup (quarantined).
    :mozilla.646:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned with backup (quarantined).
    :mozilla.129:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
    :mozilla.845:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    :mozilla.677:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
    :mozilla.678:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
    :mozilla.679:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
    :mozilla.680:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
    :mozilla.681:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
    :mozilla.338:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.339:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.340:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.341:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.342:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.343:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.657:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.658:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.659:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.660:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.661:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.662:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.804:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    :mozilla.345:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    :mozilla.346:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    :mozilla.347:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    :mozilla.348:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    :mozilla.349:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    :mozilla.350:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    :mozilla.351:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    :mozilla.516:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    :mozilla.517:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    :mozilla.518:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    :mozilla.724:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    :mozilla.737:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    :mozilla.743:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    :mozilla.855:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Komtrack : Cleaned with backup (quarantined).
    :mozilla.856:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Komtrack : Cleaned with backup (quarantined).
    :mozilla.404:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Linkbuddies : Cleaned with backup (quarantined).
    :mozilla.208:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
    :mozilla.332:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
    :mozilla.333:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined)
     
  8. 2006/07/05
    chr0nic

    chr0nic Inactive Thread Starter

    :mozilla.532:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    :mozilla.533:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    :mozilla.534:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    :mozilla.668:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.673:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.674:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.675:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.683:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
    :mozilla.684:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
    :mozilla.720:C:\Documents and Settings\Rico.CHRISTINE\Application Data\Mozilla\Firefox\Profiles\g7eshpdm.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).


    ::Report end
     
  9. 2006/07/05
    TeMerc

    OK, after looking over the Ewido log file, you may have to restore some of what was 'Quarantined'. Some look to be legit apps, such as Trillian, Movies and Magic, Little Games and others. I would imagine you can figure out what you know to be legit apps.


    Now we need to figure out what specifically was buggered up on your registry. To do that, I'm afraid we must run yet another scan which will give us the specifics, so your registry can be brought back to normal operations.

    Please download Winpfind from here

    Unzip it to the desktop and run Winpfind.exe.

    Once the scan is finished, please CLOSE the Notepad window that pops up. Then please post the entire logfile winpfind.txt back into this thread for me to view.

    This scan may take some time to complete, so don't plan on standing next to the box; go and watch TV or something. You don't need to be connected to the Net either.
     
  10. 2006/07/06
    chr0nic

    thx again for all your help


    WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

    If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

    »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600
    Internet Explorer Version: 6.0.2800.1106

    »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

    Checking %SystemDrive% folder...

    Checking %ProgramFilesDir% folder...
    PEC2 03/07/2006 12:02:32 PM 174163 C:\Program Files\utorrent.exe
    PECompact2 03/07/2006 12:02:32 PM 174163 C:\Program Files\utorrent.exe

    Checking %WinDir% folder...
    UPX! 22/03/2005 1:00:00 AM 47104 C:\WINDOWS\uscscsi.dll

    Checking %System% folder...
    aspack 18/03/2005 6:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
    aspack 26/05/2005 4:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll
    aspack 22/07/2005 8:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll
    PEC2 23/08/2001 1:00:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
    PEC2 09/06/2005 9:32:28 PM 692736 C:\WINDOWS\SYSTEM32\DivX.dll
    PECompact2 09/06/2005 9:32:28 PM 692736 C:\WINDOWS\SYSTEM32\DivX.dll
    qoologic 26/10/2005 1:00:00 AM 2026313 C:\WINDOWS\SYSTEM32\ie-ads-uninst.reg
    PTech 26/10/2005 1:00:00 AM 2026313 C:\WINDOWS\SYSTEM32\ie-ads-uninst.reg
    urllogic 26/10/2005 1:00:00 AM 2026313 C:\WINDOWS\SYSTEM32\ie-ads-uninst.reg
    ad-beh 26/10/2005 1:00:00 AM 2026313 C:\WINDOWS\SYSTEM32\ie-ads-uninst.reg
    66.63.167.77 26/10/2005 1:00:00 AM 2026313 C:\WINDOWS\SYSTEM32\ie-ads-uninst.reg
    abetterinternet.com 26/10/2005 1:00:00 AM 2026313 C:\WINDOWS\SYSTEM32\ie-ads-uninst.reg
    web-nex 26/10/2005 1:00:00 AM 2026313 C:\WINDOWS\SYSTEM32\ie-ads-uninst.reg
    ad-w-a-r-e.com 26/10/2005 1:00:00 AM 2026313 C:\WINDOWS\SYSTEM32\ie-ads-uninst.reg
    UPX! 26/07/2004 12:12:52 PM 166912 C:\WINDOWS\SYSTEM32\lame_enc.dll
    PTech 17/05/2006 11:23:38 AM 579888 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
    UPX! 13/01/2005 9:41:48 PM 11254 C:\WINDOWS\SYSTEM32\locate.com
    UPX! 23/02/2004 1:00:00 AM 716528 C:\WINDOWS\SYSTEM32\MSVBVM60.DLL
    Umonitor 29/08/2002 4:41:10 AM 631808 C:\WINDOWS\SYSTEM32\rasdlg.dll
    UPX! 23/07/2001 8:29:32 AM 552960 C:\WINDOWS\SYSTEM32\saxzip.ocx
    UPX! 20/01/2005 1:47:50 PM 175616 C:\WINDOWS\SYSTEM32\strings.exe
    winsync 23/08/2001 1:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

    Checking %System%\Drivers folder and sub-folders...

    Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
    06/07/2006 2:10:10 AM S 2048 C:\WINDOWS\bootstat.dat
    04/07/2006 7:33:22 PM RHS 528 C:\WINDOWS\PCGWIN32.LI4
    22/06/2006 6:33:38 AM HS 952 C:\WINDOWS\system32\KGyGaAvL.sys
    17/05/2006 11:24:42 AM S 7160 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WGA.cat
    06/07/2006 2:20:54 AM H 1024 C:\WINDOWS\system32\config\default.LOG
    06/07/2006 11:22:22 AM H 1024 C:\WINDOWS\system32\config\SAM.LOG
    06/07/2006 2:20:18 AM H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
    06/07/2006 1:19:04 PM H 1024 C:\WINDOWS\system32\config\software.LOG
    06/07/2006 1:23:28 PM H 1024 C:\WINDOWS\system32\config\system.LOG
    18/05/2006 9:08:52 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
    18/05/2006 9:08:52 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0JWLA5CD\desktop.ini
    18/05/2006 9:08:52 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4TU7KLSH\desktop.ini
    18/05/2006 9:08:52 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KFGBUJS9\desktop.ini
    18/05/2006 9:08:52 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YTQD0RG9\desktop.ini
    04/07/2006 7:49:04 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\963dea2c-2213-4b98-a70d-d78307925e89
    04/07/2006 7:49:04 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
    06/07/2006 2:10:12 AM H 6 C:\WINDOWS\Tasks\SA.DAT

    Checking for CPL files...
    Microsoft Corporation 23/08/2001 1:00:00 PM 66048 C:\WINDOWS\SYSTEM32\access.cpl
    Realtek Semiconductor Corp. 14/05/2003 2:19:16 PM R 6843904 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
    Microsoft Corporation 29/08/2002 4:41:28 AM 578560 C:\WINDOWS\SYSTEM32\appwiz.cpl
    Logitech Inc. 08/10/2004 1:23:58 PM 282624 C:\WINDOWS\SYSTEM32\camcpl.cpl
    Microsoft Corporation 29/08/2002 4:41:28 AM 129024 C:\WINDOWS\SYSTEM32\desk.cpl
    Microsoft Corporation 23/08/2001 1:00:00 PM 150016 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
    Microsoft Corporation 29/08/2002 4:41:28 AM 292352 C:\WINDOWS\SYSTEM32\inetcpl.cpl
    Microsoft Corporation 29/08/2002 4:41:28 AM 121856 C:\WINDOWS\SYSTEM32\intl.cpl
    InstallShield Software Corporation27/07/2004 4:50:48 PM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl
    Microsoft Corporation 29/08/2002 4:41:28 AM 65536 C:\WINDOWS\SYSTEM32\joy.cpl
    Sun Microsystems, Inc. 10/11/2005 2:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
    Microsoft Corporation 23/08/2001 1:00:00 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl
    Microsoft Corporation 23/08/2001 1:00:00 PM 559616 C:\WINDOWS\SYSTEM32\mmsys.cpl
    Microsoft Corporation 23/08/2001 1:00:00 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
    Microsoft Corporation 23/08/2001 1:00:00 PM 256000 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
    09/03/2006 3:29:00 PM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
    Microsoft Corporation 23/08/2001 1:00:00 PM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
    Microsoft Corporation 23/08/2001 1:00:00 PM 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl
    Microsoft Corporation 23/08/2001 1:00:00 PM 109056 C:\WINDOWS\SYSTEM32\powercfg.cpl
    Apple Computer, Inc. 23/09/2004 6:57:40 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
    Microsoft Corporation 29/08/2002 4:41:28 AM 268288 C:\WINDOWS\SYSTEM32\sysdm.cpl
    Microsoft Corporation 23/08/2001 1:00:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
    Microsoft Corporation 23/08/2001 1:00:00 PM 90112 C:\WINDOWS\SYSTEM32\timedate.cpl
    28/09/2004 4:00:00 AM 6151 C:\WINDOWS\SYSTEM32\txp4.cpl
    17/02/2004 11:11:00 AM 53248 C:\WINDOWS\SYSTEM32\vp6dec_settings.cpl
    Microsoft Corporation 26/05/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
    Microsoft Corporation 23/08/2001 1:00:00 PM 66048 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
    Microsoft Corporation 29/08/2002 4:41:28 AM 578560 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
    Microsoft Corporation 29/08/2002 4:41:28 AM 129024 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
    Microsoft Corporation 23/08/2001 1:00:00 PM 150016 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
    Microsoft Corporation 29/08/2002 4:41:28 AM 292352 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
    Microsoft Corporation 29/08/2002 4:41:28 AM 121856 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
    Microsoft Corporation 29/08/2002 4:41:28 AM 65536 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
    Microsoft Corporation 23/08/2001 1:00:00 PM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
    Microsoft Corporation 23/08/2001 1:00:00 PM 559616 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
    Microsoft Corporation 23/08/2001 1:00:00 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
    Microsoft Corporation 23/08/2001 1:00:00 PM 256000 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
    Microsoft Corporation 23/08/2001 1:00:00 PM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
    Microsoft Corporation 23/08/2001 1:00:00 PM 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
    Microsoft Corporation 23/08/2001 1:00:00 PM 109056 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
    Microsoft Corporation 29/08/2002 4:41:28 AM 147456 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
    Microsoft Corporation 29/08/2002 4:41:28 AM 268288 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
    Microsoft Corporation 23/08/2001 1:00:00 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
    Microsoft Corporation 23/08/2001 1:00:00 PM 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl

    »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

    Checking files in %ALLUSERSPROFILE%\Startup folder...
    22/04/2005 8:28:22 PM HS 84 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\desktop.ini
    05/10/2005 1:39:56 AM 1658 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\UltraMon.lnk

    Checking files in %ALLUSERSPROFILE%\Application Data folder...
    05/10/2005 1:17:26 AM HS 62 C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini

    Checking files in %USERPROFILE%\Startup folder...
    26/06/2006 9:50:10 AM 992 C:\Documents and Settings\Rico.CHRISTINE\Start Menu\Programs\Startup\Adobe Gamma.lnk
    28/02/2006 2:33:28 AM 1628 C:\Documents and Settings\Rico.CHRISTINE\Start Menu\Programs\Startup\AM-Notebook.lnk
    26/08/2004 10:09:52 PM HS 208 C:\Documents and Settings\Rico.CHRISTINE\Start Menu\Programs\Startup\desktop.ini
    09/01/2005 3:55:40 AM 782 C:\Documents and Settings\Rico.CHRISTINE\Start Menu\Programs\Startup\PowerDesk.lnk
    08/02/2005 6:08:16 PM 1658 C:\Documents and Settings\Rico.CHRISTINE\Start Menu\Programs\Startup\UltraMon.lnk

    Checking files in %USERPROFILE%\Application Data folder...
    05/10/2005 1:17:26 AM HS 62 C:\Documents and Settings\Rico.CHRISTINE\Application Data\desktop.ini
    03/03/2006 11:24:00 AM 784 C:\Documents and Settings\Rico.CHRISTINE\Application Data\mpauth.dat

    »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BitDefender Antivirus v8
    {D653647D-D607-4DF6-A5B8-48D2BA195F7B} = C:\Program Files\Softwin\BitDefender9\bdshelxt.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido anti-spyware
    {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
    {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\PowerDesk Menu
    {26E7F081-EB97-11d3-9239-006008D2D00F} = C:\Program Files\Ontrack\PowerDesk\pdshext.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\PowerISO
    {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Program Files\PowerISO\PWRISOSH.DLL
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
    Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BitDefender Antivirus v8
    {D653647D-D607-4DF6-A5B8-48D2BA195F7B} = C:\Program Files\Softwin\BitDefender9\bdshelxt.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\jetAudio
    {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} = C:\Program Files\JetAudio\JetFlExt.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\PowerISO
    {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Program Files\PowerISO\PWRISOSH.DLL
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware
    {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\jetAudio
    {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} = C:\Program Files\JetAudio\JetFlExt.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\PowerDesk Menu
    {26E7F081-EB97-11d3-9239-006008D2D00F} = C:\Program Files\Ontrack\PowerDesk\pdshext.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\PowerISO
    {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Program Files\PowerISO\PWRISOSH.DLL
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
    {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
    = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
    PCTools Site Guard = C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}
    PCTools Browser Monitor = C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
    =
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
    &Tip of the Day = %SystemRoot%\System32\shdocvw.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    {8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\System32\msdxm.ocx
     
  11. 2006/07/06
    chr0nic

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}
    ButtonText = Spyware Doctor :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
    ButtonText = AIM : C:\PROGRA~1\AIM\aim.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
    ButtonText = @shdoclc.dll,-866 :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
    ButtonText = Yahoo! Messenger : C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
    MenuText = Windows Messenger :

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
    Media Band = %SystemRoot%\System32\browseui.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
    =

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
    {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    BDNewsAgent "c:\progra~1\softwin\bitdef~1\bdnagent.exe"
    BDSwitchAgent "c:\progra~1\softwin\bitdef~1\bdswitch.exe"
    BDMCon C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    Hot Key Kbd 2690 Daemon SK2690DM.EXE
    MSF_Monitor RunDll32.exe C:\PROGRA~1\MYSECR~1\MSF32.dll,Start
    LVCOMSX C:\WINDOWS\System32\LVCOMSX.EXE
    LogitechVideoRepair C:\Program Files\Logitech\Video\ISStart.exe
    LogitechVideoTray C:\Program Files\Logitech\Video\LogiTray.exe
    NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    nwiz nwiz.exe /install
    NvMediaCenter RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    !ewido "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    IMAIL Installed = 1
    MAPI Installed = 1
    MSFS Installed = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    WIAWizardMenu RUNDLL32.EXE C:\WINDOWS\System32\sti_ci.dll,WiaCreateWizardMenu

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    HomeAlarm C:\Program Files\Chameleon Clock\ChamClock.exe
    LogitechSoftwareUpdate "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    µTorrent "C:\Program Files\utorrent.exe"
    Spyware Doctor C:\PROGRA~1\SPYWAR~2\swdoctor.exe /Q
    msnmsgr "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    Y!TunnelPro C:\Program Files\Digital Asphyxia\Y!TunnelPro 2.0\YTPro.exe
    AIM C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
    Skype "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
    BITS 2


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Csdi
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item dllhost
    hkey HKCU
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
    system.ini 0
    win.ini 0
    bootini 0
    services 2
    startup 2


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    Generic Host Process C:\WINDOWS\System32\antivir.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
    {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
    {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
    {0DF44EAA-FF21-4412-828E-260A8728E7F1} =


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp
    Disabled 0


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    NoDriveTypeAutoRun 36
    NoSMHelp 
    NoRecentDocsMenu 
    NoActiveDesktop 
    ClearRecentDocsOnExit 1
    NoRecentDocsHistory 
    NoRecentDocsNetHood 
    NoComputersNearMe 
    NoSMMyDocs 
    NoSMMyPictures 
    NoNetworkConnections 
    NoUserNameInStartMenu
    NoTrayItemsDisplay
    NoFind 
    NoSharedDocuments 
    NoLogoff 
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    DisableTaskMgr 0
    DisableRegistryTools 0


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
    CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
    WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
    SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,
    Shell = Explorer.exe
    System =

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Media Center
    = C:\WINDOWS\system32\en4ml1h11.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
    Debugger = ntsd -d

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLs sockspy.dll


    »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
    Scan completed on 06/07/2006 1:24:22 PM
     
  12. 2006/07/06
    TeMerc

    OK, we need to run the second part of the Look2Me fix to repair some registry entries which were reset.

    Close any programs you have open since this step requires a reboot.

    From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter. It will process then start. Your desktop and icons will disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, it will be ready for a reboot. Press any key to reboot. After the reboot notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

    IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so! Do Not run in safe mode!!
    If after the reboot the log does not open double click on it in the l2mfix folder.
     
  13. 2006/07/06
    chr0nic

    L2mfix 051206
    Creating Account.
    The command completed successfully.

    Adding Administrative privleges.
    The command completed successfully.
    Checking for L2MFix account(0=no 1=yes):
    1
    Granting SeDebugPrivilege to L2MFIX ... successful

    Running From:
    C:\WINDOWS\system32

    Killing Processes!
    Killing 'smss.exe'
    \SystemRoot\System32\smss.exe (708)
    Killing 'winlogon.exe'
    winlogon.exe (816)
    Killing 'explorer.exe'
    C:\WINDOWS\Explorer.EXE (664)
    Killing 'rundll32.exe'
    "C:\WINDOWS\System32\RunDll32.exe" C:\PROGRA~1\MYSECR~1\MSF32.dll,Start (1964)
    Restoring Sedebugprivilege:
    Granting SeDebugPrivilege to Administrators ... successful

    Scanning First Pass. Please Wait!

    First Pass Completed

    Second Pass Scanning

    Second pass Completed!



    Restoring Windows Update Certificates.:

    The following Is the Current Export of the Winlogon notify key:
    ****************************************************************************
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Media Center]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\en4ml1h11.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001


    The following are the files found:
    ****************************************************************************

    Registry Entries that were Deleted:
    Please verify that the listing looks ok.
    If there was something deleted wrongly there are backups in the backreg folder.
    ****************************************************************************
    REGEDIT4

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    ****************************************************************************
    Desktop.ini Contents:
    ****************************************************************************

    ****************************************************************************
    Checking for L2MFix account(0=no 1=yes):
    0
    Zipping up files for submission:
    zip warning: name not matched: dlls\*.*

    zip error: Nothing to do! (backup.zip)
    adding: backregs/notibac.reg (164 bytes security) (deflated 87%)
    adding: backregs/shell.reg (164 bytes security) (deflated 73%)
     
  14. 2006/07/06
    chr0nic

    Logfile of HijackThis v1.99.1
    Scan saved at 1:06:47 AM, on 07/07/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\Slave.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender9\vsserv.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\progra~1\softwin\bitdef~1\bdnagent.exe
    C:\progra~1\softwin\bitdef~1\bdswitch.exe
    C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    C:\WINDOWS\System32\SK2690DM.EXE
    C:\WINDOWS\System32\RunDll32.exe
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Chameleon Clock\ChamClock.exe
    C:\Program Files\utorrent.exe
    C:\PROGRA~1\SPYWAR~2\swdoctor.exe
    C:\Program Files\Digital Asphyxia\Y!TunnelPro 2.0\YTPro.exe
    C:\PROGRA~1\AIM\aim.exe
    C:\Program Files\UltraMon\UltraMon.exe
    C:\Program Files\UltraMon\UltraMonTaskbar.exe
    C:\Program Files\amnotebook\notebook.exe
    C:\Program Files\Ontrack\PowerDesk\PDExplo.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Program Files\hjt\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ntlworld.com/
    F3 - REG:win.ini: load=C:\WINDOWS\System32\antivir.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
    O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [Hot Key Kbd 2690 Daemon] SK2690DM.EXE
    O4 - HKLM\..\Run: [MSF_Monitor] RunDll32.exe C:\PROGRA~1\MYSECR~1\MSF32.dll,Start
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\System32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\utorrent.exe"
    O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~2\swdoctor.exe /Q
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Y!TunnelPro] C:\Program Files\Digital Asphyxia\Y!TunnelPro 2.0\YTPro.exe
    O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: AM-Notebook.lnk = C:\Program Files\amnotebook\notebook.exe
    O4 - Startup: PowerDesk.lnk = C:\Program Files\Ontrack\PowerDesk\PDExplo.exe
    O4 - Startup: UltraMon.lnk = C:\Program Files\UltraMon\UltraMon.exe
    O4 - Global Startup: UltraMon.lnk = C:\Program Files\UltraMon\UltraMon.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
    O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: Media Center - C:\WINDOWS\system32\en4ml1h11.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: RA Server (Slave) - TWD Industries SAS - C:\WINDOWS\Slave.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
     
  15. 2006/07/08
    TeMerc

    Now that we have reset those privileges, let's fix what remains.

    Below you will find my results and recommendations. Please read ALL instructions carefully BEFORE proceeding.

    Spyware Doctor's OnGuard protective functionality may interfere with certain HijackThis fixes we need to make. Please follow these instructions to disable it:

    To deactivate Spyware Doctor's OnGuard Tools

    1. From within Spyware Doctor, click the "OnGuard" button on the left side.
    2. Uncheck "Activate OnGuard".

    You can re-enable it once your system is clean.

    First thing we need to do is stop the Service: RA Server (Slave) service:
    Go to: Start > Run > type "services.msc", then click OK

    Scroll down to the Service: RA Server (Slave) service.

    Click it to highlight it, then <right-click> and select: Properties
    Select and set "Service Status" option to "Stop"
    Select: "Startup type" and set it to "Disabled", click Apply, then OK.

    Reboot, into safe mode, this way:
    Turn on the computer
    Immediately begin tapping the <F8> key.
    Use the arrow keys to highlight Safe Mode and press the <Enter> key.

    Also, enable the 'Show Hidden Folders' option, like this:
    Click Start.
    Open My Computer.
    Select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders.
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.
    Click OK.

    Please go to 'Task Manager' by hitting Ctrl+Alt+Delete and 'End Task' on the following process(es) if found to be running:
    C:\WINDOWS\Slave.exe

    Run Hijackthis and look over the following entries I have listed, check the boxes next to them and press the "Fix Checked" button with HijackThis. When you are doing this, make sure you have No IE windows, or other browsers open, including this one. Reboot if I have specified below, and post a fresh HijackThis log.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank


    F3 - REG:win.ini: load=C:\WINDOWS\System32\antivir.exe



    O20 - Winlogon Notify: Media Center - C:\WINDOWS\system32\en4ml1h11.dll (file missing)


    O23 - Service: RA Server (Slave) - TWD Industries SAS - C:\WINDOWS\Slave.exe


    And search for, then delete, if found, (some may not be present after previous steps) the following files/folders:
    C:\WINDOWS\Slave.exe <<<--file
    C:\WINDOWS\system32\en4ml1h11.dll <<<--file
    C:\WINDOWS\System32\antivir.exe <<<--file

    To exit Safe Mode, click the Start button, click Turn Off Computer, click Restart.

    Post a new HJT log back into this thread please and also let me know if you're experiencing any more problems.
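
One way to check a follow-up log against the fix list in the post above, as an added example that is not part of the original thread: it parses HijackThis log text and reports which listed entries are still present and whether any file marked for deletion is still running or referenced. The function names are hypothetical, and the log excerpt is constructed from lines quoted on this page.

```python
import re

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")


def norm(text):
    """Case-fold and collapse whitespace so re-cased or re-spaced copies compare equal.
    Short (8.3) paths such as PROGRA~1 are NOT expanded to their long form."""
    return " ".join(text.lower().split())


def parse_hjt(log_text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
    return processes, entries


def verify_fix(fix_lines, delete_paths, fresh_log):
    """Compare the entries a helper asked to fix with a fresh log."""
    processes, entries = parse_hjt(fresh_log)
    present = {(code, norm(body)) for code, body in entries}
    still_present, cleared = [], []
    for line in fix_lines:
        m = ENTRY_RE.match(line)
        if not m:
            continue  # not an entry line (blank or commentary)
        key = (m.group(1), norm(m.group(2)))
        (still_present if key in present else cleared).append(line.strip())

    running = {norm(p) for p in processes}
    path_hits = {}
    for path in delete_paths:
        needle = norm(path)
        path_hits[path] = {
            "running": needle in running,
            # Any autostart entry that still points at the file would relaunch it.
            "entries": [f"{c} - {b}" for c, b in entries if needle in norm(b)],
        }
    return {"still_present": still_present, "cleared": cleared, "path_hits": path_hits}


# Entries and files listed in the post above.
FIX_LINES = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
F3 - REG:win.ini: load=C:\WINDOWS\System32\antivir.exe
O20 - Winlogon Notify: Media Center - C:\WINDOWS\system32\en4ml1h11.dll (file missing)
O23 - Service: RA Server (Slave) - TWD Industries SAS - C:\WINDOWS\Slave.exe
""".splitlines()

DELETE_PATHS = [
    r"C:\WINDOWS\Slave.exe",
    r"C:\WINDOWS\system32\en4ml1h11.dll",
    r"C:\WINDOWS\System32\antivir.exe",
]

# Constructed excerpt, assembled from lines that appear in the follow-up log on this page.
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 4:49:30 AM, on 09/07/2006

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ntlworld.com/
F3 - REG:win.ini: load=C:\WINDOWS\System32\antivir.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
"""

if __name__ == "__main__":
    report = verify_fix(FIX_LINES, DELETE_PATHS, FRESH_LOG)
    for line in report["still_present"]:
        print("STILL PRESENT:", line)
    for line in report["cleared"]:
        print("not in log:   ", line)
    for path, hit in report["path_hits"].items():
        print(path, "running" if hit["running"] else "not running", hit["entries"])
```

An entry reported as "not in log" only means the line is absent from the text that was checked, so the whole fresh log has to be passed in, not an excerpt.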
     
  16. 2006/07/08
    chr0nic

    hey there i did what u asked to the letter and now i can bring up the task manager but there's still a prob: for some reason there's nothing moving on task manager, e.g. the performance, the numbers at the bottom aren't there. it used to tell me how much of my cpu power was being used but it doesn't any more. any ideas on that ??

    here's the new log

    Logfile of HijackThis v1.99.1
    Scan saved at 4:49:30 AM, on 09/07/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
    C:\Program Files\hjt\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ntlworld.com/
    F3 - REG:win.ini: load=C:\WINDOWS\System32\antivir.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [BDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe"
    O4 - HKLM\..\Run: [BDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe"
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [Hot Key Kbd 2690 Daemon] SK2690DM.EXE
    O4 - HKLM\..\Run: [MSF_Monitor] RunDll32.exe C:\PROGRA~1\MYSECR~1\MSF32.dll,Start
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\System32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\utorrent.exe"
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Y!TunnelPro] C:\Program Files\Digital Asphyxia\Y!TunnelPro 2.0\YTPro.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: AM-Notebook.lnk = C:\Program Files\amnotebook\notebook.exe
    O4 - Startup: PowerDesk.lnk = C:\Program Files\Ontrack\PowerDesk\PDExplo.exe
    O4 - Startup: UltraMon.lnk = C:\Program Files\UltraMon\UltraMon.exe
    O4 - Global Startup: UltraMon.lnk = C:\Program Files\UltraMon\UltraMon.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
    O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: Media Center - C:\WINDOWS\system32\en4ml1h11.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
     
  17. 2006/07/09
    TeMerc

    OK, we have a reg fix we need to run, and we need to fix some things with HJT too.
    Save the following bolded text to Notepad:
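    REGEDIT4

    ; Delete the autorun value stored under the Explorer\Run policy key
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
    "Generic Host Process"=-

    ; Delete the policy values that disable Task Manager and the registry tools
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
    "DisableTaskMgr"=-
    "DisableRegistryTools"=-

    ; Delete the "Media Center" Winlogon Notify key (the O20 entry in the log)
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Media Center]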


    Hit Save As.
    Save as filename:
    RegFix
    Under the filename, set the type to all types.
    Save it to the desktop.
    Close all IE's.
    Double-click the RegFix.
    When asked to merge, say yes.

    Run HJT, and place a check next to the following lines, then, with all browsers and windows closed, hit 'Fix checked':

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

    F3 - REG:win.ini: load=C:\WINDOWS\System32\antivir.exe

    O20 - Winlogon Notify: Media Center - C:\WINDOWS\system32\en4ml1h11.dll (file missing)



    Reboot into 'Safe mode', and search for, then delete, if found, the following files/folders:
    C:\WINDOWS\system32\en4ml1h11.dll <<<--file
    C:\WINDOWS\System32\antivir.exe <<<--file

    Reboot into Normal mode and post a new HJT log back into this thread please.

    Also let me know what other problems you are experiencing.

    To fix task manager:

    Double-click the outer border edge, things should re-appear as they are supposed to.
     
  18. 2006/07/09
    chr0nic

    When viewing the Windows Task Manager, I have the following issues:

    1) At the bottom of the window, where it normally says:
    Processes: 42 CPU Usage: 4% and Commit Charge: 328M/2465M
    (Numbers are just for example) Nothing is actually being shown here anymore. There's no writing, it's all blank down there.

    2) When I click on the PERFORMANCE tab to view my CPU Usage History and Page File Usage History, not only is it not displaying any numbers in the Totals, Commit Charge, Physical Memory, or Kernel Memory areas, but my CPU Usage isn't displaying any numbers and its bar isn't moving, and my PF Usage is doing the same thing.



    Logfile of HijackThis v1.99.1
    Scan saved at 12:34:13 PM, on 09/07/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\progra~1\softwin\bitdef~1\bdnagent.exe
    C:\progra~1\softwin\bitdef~1\bdswitch.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Chameleon Clock\ChamClock.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\utorrent.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\Digital Asphyxia\Y!TunnelPro 2.0\YTPro.exe
    C:\Program Files\UltraMon\UltraMon.exe
    C:\Program Files\UltraMon\UltraMonTaskbar.exe
    C:\Program Files\amnotebook\notebook.exe
    C:\Program Files\Ontrack\PowerDesk\PDExplo.exe
    C:\Program Files\remote-trial\Master.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender9\vsserv.exe
    c:\progra~1\softwin\bitdef~1\bdmcon.exe
    C:\WINDOWS\system32\SK2690DM.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ntlworld.com/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [BDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe "
    O4 - HKLM\..\Run: [BDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe "
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [Hot Key Kbd 2690 Daemon] SK2690DM.EXE
    O4 - HKLM\..\Run: [MSF_Monitor] RunDll32.exe C:\PROGRA~1\MYSECR~1\MSF32.dll,Start
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\System32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\utorrent.exe "
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Y!TunnelPro] C:\Program Files\Digital Asphyxia\Y!TunnelPro 2.0\YTPro.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: AM-Notebook.lnk = C:\Program Files\amnotebook\notebook.exe
    O4 - Startup: PowerDesk.lnk = C:\Program Files\Ontrack\PowerDesk\PDExplo.exe
    O4 - Startup: UltraMon.lnk = C:\Program Files\UltraMon\UltraMon.exe
    O4 - Global Startup: UltraMon.lnk = C:\Program Files\UltraMon\UltraMon.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
    O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
     
  19. 2006/07/09
    TeMerc

    OK, well the infected file is now gone. The log file is clear of malware indicators. Are things ok now?

    For task manager, try this repair tool from Kelly's Korner
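
The check made in the post above (the lines fixed in HijackThis no longer appear in the follow-up log) can be automated by diffing the two logs, which is worth repeating after each reboot when settings have been reappearing. This is an added example, not part of the original thread; the function names are hypothetical and the embedded logs are abridged excerpts of the ones posted here.

```python
import re

# A HijackThis entry is "<section code> - <details>", e.g. "O20 - Winlogon Notify: ...".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")

def parse_entries(log_text):
    """Map a normalised key to the display form of every entry line in a log."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines, "Running processes:" paths, blanks
        code, text = m.group(1), " ".join(m.group(2).split())
        # Windows paths and registry names are case-insensitive, so compare folded.
        entries[(code, text.casefold())] = f"{code} - {text}"
    return entries

def verify_fix(before_log, after_log, fixed_lines):
    """Report what happened to each line that was selected for 'Fix checked'."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    targets = parse_entries("\n".join(fixed_lines))
    return {
        "removed": sorted(v for k, v in targets.items() if k in before and k not in after),
        "still_present": sorted(v for k, v in targets.items() if k in after),
        "never_seen": sorted(v for k, v in targets.items() if k not in before and k not in after),
        "new_entries": sorted(v for k, v in after.items() if k not in before),
    }

# Abridged excerpts of the two logs and of the fix list posted in this thread.
BEFORE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ntlworld.com/
F3 - REG:win.ini: load=C:\WINDOWS\System32\antivir.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - Winlogon Notify: Media Center - C:\WINDOWS\system32\en4ml1h11.dll (file missing)
"""
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ntlworld.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"""
FIXED_LINES = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank",
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank",
    r"F3 - REG:win.ini: load=C:\WINDOWS\System32\antivir.exe",
    r"O20 - Winlogon Notify: Media Center - C:\WINDOWS\system32\en4ml1h11.dll (file missing)",
]

if __name__ == "__main__":
    for status, lines in verify_fix(BEFORE_LOG, AFTER_LOG, FIXED_LINES).items():
        print(f"{status}: {len(lines)}")
        for entry in lines:
            print("   ", entry)
```

Anything listed under `still_present` after a reboot means the entry was written back, and `new_entries` lists lines that only appeared in the later scan.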
     
  20. 2006/07/09
    chr0nic

    For all your help, that reset worked great, thx again. You have helped me more than I can say, thx again.

    rico
     
  21. 2006/07/11
    TeMerc

    OK, glad to hear things are running as they should.

    And to be fair, of course lots of help came from an expert who helps me out, Blender\Tammy and she used some reg fixes created by Mosaic1.

    We have 3 more things to do, to help ensure you have removed all the little 'leftovers' which may be hiding:

    Empty the TIF (Temporary Internet Files)
    Delete all the files in (and any subfolders of) the C:\Windows\Temp folder
    The app below will help with temp files.
    Index.dat Suite

    Also, delete all your cookies, and empty your recycle bin. But remember, by deleting your cookies, you will have to re-enter any passwords and log-in info for any sites you are usually required to do so with.

    This would also be a good time to set a new system restore point for your machine.
    Set New System Restore Point. Do not do this unless there are no other user accounts to be diagnosed.

    Also, as you are an XP user, if there are any other accounts on this machine, they too, must be cleaned with AdAware, Spybot S&D, then HJT. Not all infections are global, nor are all the HJT fixes global. You can post each user account here into this thread, but please, do only one at a time to avoid confusion.

    Here is a link which describes how security apps work with WIN XP machines.
    XP User Accts Security Apps Operation

    To further prevent the installation of ad/mal/spyware, DL the apps below, which are just as good in the fight against ad/mal/spyware as AdAware & Spybot S&D:

    SpywareBlaster
    With SpywareBlaster v3.5.1, just DL, install and check for updates, enable Internet Explorer protection, and you're done! I don't recommend using IE restricted sites protection as it's not a very large database. Use IE-SPYADs below.

    To avoid known malware infested sites from loading in IE install IESPY ADS.
    And MVPS Hosts File will accomplish a similar tactic and provide another layer of protection.

    And to prevent unknown applications from being inserted to start up on your machine install WinPatrol v10.0.1.

    Another thing I would suggest, is to install SiteAdvisor. It gives sites a few different 'ratings' and while not fool proof, a good additional layer of information about many sites.

    Links for tutorials for all the apps I mentioned can be found on my site as well.

    Confused about which apps are good or not? Read about Rogue/Approved Anti Security apps

    And just because you have security apps installed, they are useless unless updated regularly. Keep track of updates for ALL your security needs here:
    Calendar of Updates

    Subscribe to update alerts for all the above security apps here.

    You can also see my own ongoing security testing with all the above apps proving how securely you can safe with them installed.
    TeMerc Test Box Forum

    Happy surfing!!
    Tom :D
     