odd website keeps coming back 2

Unknown

Dear,

I found a thread from someone who had the same problem like me but the cause is a little different. Some websites just keep coming back and i took a report too like the thread said but i dont have the hijack.exe on my computer so its a little different

This is what the l2mfix says:
L2MFIX find log 121205
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
"Logoff"="NavLogoffEvent"
"DllName"="C:\\WINDOWS\\system32\\NavLogon.dll"
"StartShell"="NavStartShellEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnceEx]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\g440lehm1h4a.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{C3FB6C26-EBE3-02E9-984C-61D1CC910CC8}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{BDA77241-42F6-11d0-85E2-00AA001FE28C}"="LDVP Shell Extensions"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{B1C31E89-7656-4936-B5FD-03A6B1425794}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B1C31E89-7656-4936-B5FD-03A6B1425794}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B1C31E89-7656-4936-B5FD-03A6B1425794}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B1C31E89-7656-4936-B5FD-03A6B1425794}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B1C31E89-7656-4936-B5FD-03A6B1425794}\InprocServer32]
@="C:\\WINDOWS\\system32\\rwvpperf.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
aisnw.dll Tue Dec 13 2005 5:44:20p ..S.R 235,988 230.46 K
g440le~1.dll Wed Dec 14 2005 10:09:34a ..S.R 233,770 228.29 K
gdi32.dll Thu Oct 6 2005 10:09:36a A.... 280,064 273.50 K
gkgkk.dll Wed Dec 14 2005 11:31:40a A.... 24,064 23.50 K
haspvdd.dll Wed Nov 16 2005 10:24:52a A.... 6,656 6.50 K
mshtml.dll Tue Oct 4 2005 5:26:00p A.... 3,015,168 2.88 M
px.dll Thu Sep 15 2005 2:17:44a ..... 462,848 452.00 K
pxdrv.dll Thu Sep 15 2005 2:17:44a ..... 319,488 312.00 K
pxmas.dll Thu Sep 15 2005 2:17:44a ..... 143,360 140.00 K
pxwave.dll Thu Sep 15 2005 2:17:44a ..... 286,720 280.00 K
quqiieq.dll Wed Dec 14 2005 11:31:40a A.... 67,072 65.50 K
rwvpperf.dll Wed Dec 14 2005 11:31:34a ..S.R 233,770 228.29 K
s2rs0c~1.dll Wed Dec 14 2005 11:29:36a ..S.R 236,444 230.90 K
shell32.dll Fri Sep 23 2005 10:05:30a A.... 8,450,560 8.06 M
sirenacm.dll Thu Oct 13 2005 7:11:06a A.... 118,784 116.00 K
vxblock.dll Thu Sep 15 2005 2:17:44a ..... 28,672 28.00 K
wuauclt.dll Wed Dec 14 2005 10:35:48a ..... 54,784 53.50 K

17 items found: 17 files (4 H/S), 0 directories.
Total of file sizes: 14,198,212 bytes 13.54 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is A848-54AC

Directory of C:\WINDOWS\System32

12/14/2005 11:31 AM 233,770 rwvpperf.dll
12/14/2005 11:29 AM 236,444 s2rs0c97ef.dll
12/14/2005 10:09 AM 233,770 g440lehm1h4a.dll
12/13/2005 05:44 PM 235,988 aisnw.dll
12/13/2005 05:36 PM 4,184 KGyGaAvL.sys
12/13/2005 05:36 PM 56 3CB72AF5C1.sys
12/08/2005 01:25 PM <DIR> dllcache
11/02/2005 01:25 PM <DIR> Microsoft
6 File(s) 944,212 bytes
2 Dir(s) 8,602,943,488 bytes free



I hope there is someone here who can help me out, i cant surf the internet in a normal way anymore ..
Thanks in advance

Farangtoone

Crunchie

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter. It will process then start. Your desktop and icons will disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, it will be ready for a reboot. Press any key to reboot. After the reboot notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so! Do Not run in safe mode!!
If after the reboot the log does not open double click on it in the l2mfix folder.

==

Download HijackThis self-extracting zip version from here. Once downloaded, double click on the file & it will install into it's own, permanent folder.
Start HJT & press the "Do a system scan and save a log file" button. When the scan is finished a window will pop up giving you the option of where to save it. Save it to desktop where it is easy to access. Open the log file and copy the entire contents of the file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system.

farang

Logfile of HijackThis v1.99.1
Scan saved at 7:10:54 PM, on 12/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\SAVROAM.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\RTVSCAN.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Toon\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\yoyppw.exe reg_run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Toon\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\f60o0gd3e60.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Crunchie

Crunchie wrote:

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter. It will process then start. Your desktop and icons will disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, it will be ready for a reboot. Press any key to reboot. After the reboot notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so! Do Not run in safe mode!!
If after the reboot the log does not open double click on it in the l2mfix folder.

==

You forgot something .

farang

sorry :-)

L2mfix Beta 121205
Creating Account.
The command completed successfully.

Adding Administrative privleges.
The command completed successfully.

Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 436 'smss.exe'
Killing PID 436 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 516 'winlogon.exe'
Killing PID 516 'winlogon.exe'
Killing PID 516 'winlogon.exe'
Killing PID 516 'winlogon.exe'
Killing PID 516 'winlogon.exe'
Killing PID 516 'winlogon.exe'
Killing PID 516 'winlogon.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1872 'explorer.exe'
Killing PID 1872 'explorer.exe'
Killing PID 1872 'explorer.exe'
Killing PID 1872 'explorer.exe'
Killing PID 1872 'explorer.exe'
Killing PID 1872 'explorer.exe'
Killing PID 1872 'explorer.exe'
Killing PID 1872 'explorer.exe'
Killing PID 1872 'explorer.exe'
Killing PID 1872 'explorer.exe'
Killing PID 1872 'explorer.exe'
Killing PID 1872 'explorer.exe'
Killing PID 1872 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1236 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful
Granting SeDebugPrivilege to Administrateurs ... failed (GetAccountSid(Administrateurs)=1332
Granting SeDebugPrivilege to Administrat๖rer ... failed (GetAccountSid(Administrat๖rer)=1332
Granting SeDebugPrivilege to Administradores ... failed (GetAccountSid(Administradores)=1332
Granting SeDebugPrivilege to Amministratore ... failed (GetAccountSid(Amministratore)=1332
Granting SeDebugPrivilege to Administratoren ... failed (GetAccountSid(Administratoren)=1332

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Backing Up: C:\WINDOWS\system32\khdfi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\m0lsla371d.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\q8ps0i77e8.dll
1 file(s) copied.
deleting: C:\WINDOWS\system32\khdfi.dll
Successfully Deleted: C:\WINDOWS\system32\khdfi.dll
deleting: C:\WINDOWS\system32\m0lsla371d.dll
Successfully Deleted: C:\WINDOWS\system32\m0lsla371d.dll
deleting: C:\WINDOWS\system32\q8ps0i77e8.dll
Successfully Deleted: C:\WINDOWS\system32\q8ps0i77e8.dll


Zipping up files for submission:
adding: Documents and Settings/Toon/Desktop/l2mfix/backregs/notibac.reg (164 bytes security) (deflated 87%)
adding: Documents and Settings/Toon/Desktop/l2mfix/backregs/shell.reg (164 bytes security) (deflated 74%)


Restoring Windows Update Certificates.:

deleting local copy: khdfi.dll
deleting local copy: m0lsla371d.dll
deleting local copy: q8ps0i77e8.dll

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Explorer]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\m0lsla371d.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=&quot;"
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
"Logoff"="NavLogoffEvent"
"DllName"="C:\\WINDOWS\\system32\\NavLogon.dll"
"StartShell"="NavStartShellEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\khdfi.dll
C:\WINDOWS\system32\m0lsla371d.dll
C:\WINDOWS\system32\q8ps0i77e8.dll

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B1C31E89-7656-4936-B5FD-03A6B1425794}]
@=&quot;"

[HKEY_CLASSES_ROOT\CLSID\{B1C31E89-7656-4936-B5FD-03A6B1425794}\Implemented Categories]
@=&quot;"

[HKEY_CLASSES_ROOT\CLSID\{B1C31E89-7656-4936-B5FD-03A6B1425794}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=&quot;"

[HKEY_CLASSES_ROOT\CLSID\{B1C31E89-7656-4936-B5FD-03A6B1425794}\InprocServer32]
@=&quot;C:\\WINDOWS\\system32\\khdfi.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{B1C31E89-7656-4936-B5FD-03A6B1425794}"=-
[-HKEY_CLASSES_ROOT\CLSID\{B1C31E89-7656-4936-B5FD-03A6B1425794}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************

****************************************************************************
C:\WINDOWS\System32\B1C31E89-7656-4936-B5FD-03A6B1425794.reg
Checking for L2MFix account(0=no 1=yes):
0

Crunchie

Looks like that did the job . Just a new hijackthis log and we can finish the clean up.

farang

L2MFIX find log 121205
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Explorer]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\m0lsla371d.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=&quot;"
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
"Logoff"="NavLogoffEvent"
"DllName"="C:\\WINDOWS\\system32\\NavLogon.dll"
"StartShell"="NavStartShellEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{BDA77241-42F6-11d0-85E2-00AA001FE28C}"="LDVP Shell Extensions"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{48F45200-91E6-11CE-8A4F-0080C81A28D4}"="TMD Shell Extension"
"{771A9DA0-731A-11CE-993C-00AA004ADB6C}"="VBPropSheet"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
browseui.dll Thu Nov 24 2005 8:06:34a A.... 1,022,464 998.50 K
cdfview.dll Fri Oct 21 2005 10:39:26a A.... 151,040 147.50 K
danim.dll Sat Nov 5 2005 10:16:24a A.... 1,054,208 1.00 M
dxtrans.dll Fri Oct 21 2005 10:39:28a A.... 205,312 200.50 K
esent.dll Fri Oct 21 2005 5:20:04a A.... 1,082,368 1.03 M
extmgr.dll Fri Oct 21 2005 10:39:28a ..... 55,808 54.50 K
gdi32.dll Thu Oct 6 2005 10:09:36a A.... 280,064 273.50 K
gkgkk.dll Fri Dec 16 2005 10:03:10a A.... 24,064 23.50 K
haspvdd.dll Wed Nov 16 2005 10:24:52a A.... 6,656 6.50 K
iepeers.dll Fri Oct 21 2005 10:39:28a A.... 251,392 245.50 K
inseng.dll Fri Oct 21 2005 10:39:28a A.... 96,256 94.00 K
mshtml.dll Thu Nov 24 2005 8:06:34a A.... 3,015,680 2.88 M
mshtmled.dll Fri Oct 21 2005 10:39:30a A.... 448,512 438.00 K
msrating.dll Fri Oct 21 2005 10:39:30a A.... 146,432 143.00 K
mstime.dll Fri Oct 21 2005 10:39:30a A.... 530,944 518.50 K
pngfilt.dll Fri Oct 21 2005 10:39:30a A.... 39,424 38.50 K
quqiieq.dll Fri Dec 16 2005 10:03:10a A.... 67,072 65.50 K
shdocvw.dll Thu Dec 1 2005 10:59:30a A.... 1,492,480 1.42 M
shell32.dll Fri Sep 23 2005 10:05:30a A.... 8,450,560 8.06 M
shlwapi.dll Fri Oct 21 2005 10:39:30a A.... 473,600 462.50 K
sirenacm.dll Thu Oct 13 2005 7:11:06a A.... 118,784 116.00 K
spmsg.dll Thu Oct 13 2005 6:12:26a ..... 14,048 13.72 K
urlmon.dll Sat Nov 5 2005 10:16:28a A.... 609,280 595.00 K
wininet.dll Fri Oct 21 2005 10:39:30a A.... 658,432 643.00 K

24 items found: 24 files, 0 directories.
Total of file sizes: 20,294,880 bytes 19.35 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is A848-54AC

Directory of C:\WINDOWS\System32

12/13/2005 05:36 PM 4,184 KGyGaAvL.sys
12/13/2005 05:36 PM 56 3CB72AF5C1.sys
12/08/2005 01:25 PM <DIR> dllcache
11/02/2005 01:25 PM <DIR> Microsoft
2 File(s) 4,240 bytes
2 Dir(s) 7,361,536,000 bytes free

Crunchie

Crunchie wrote:

Looks like that did the job . Just a new hijackthis log and we can finish the clean up.

oops. Wrong log .

farang

Logfile of HijackThis v1.99.1
Scan saved at 5:01:17 PM, on 12/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\SAVROAM.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\RTVSCAN.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\MACROMEDIA\DIRECTOR MX 2004\DIRECTOR.EXE
C:\DOCUME~1\Toon\LOCALS~1\Temp\~e5d141.tmp
C:\DOCUME~1\Toon\LOCALS~1\Temp\~e5d141.tmp
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Toon\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\yoyppw.exe reg_run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Toon\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\m0lsla371d.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

farang

sorry ;-)

Crunchie

Can you please do the following.

===============

Let's look for, and delete, any program segments (prefetches) that might be present, and are associated with the 'problems' we're trying to remove from your PC. To do this, let's:

1) Click "Start | Search", then search for each of these program's base name(s), in all files and folders:

~e5d141.tmp*

2) Then if any are found in the 'prefetch' folder, delete them.

Look closely, since the 'base' name will have a bunch of random numbers and letters attached to it.

===============

Run HiJackThis then:

1. Click "Open the Misc Tools Section"
2. Click "Open Process manager"

-

Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

C:\DOCUME~1\Toon\LOCALS~1\Temp\~e5d141.tmp

Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.

===============

Still in HiJackThis, click "Scan", then check(tick) the following, if present:


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\yoyppw.exe reg_run

O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\m0lsla371d.dll (file missing)


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

files...

C:\DOCUME~1\Toon\LOCALS~1\Temp\~e5d141.tmp
C:\WINDOWS\system32\yoyppw.exe

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".

-

Reboot.

===============

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml

Once in Safe Mode, please run Ewido, and do a full scan. During the scan it will prompt you to clean files, click OK.

Save the logfile from the scan. Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

farang

hello

i cant click the scan button in hijackthis .. i have no idea why ..
thanks

Crunchie

Try deleting that one you have, then redownload it and try again.

farang

ok so far so good

this is the hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 7:30:50 PM, on 12/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRAM FILES\EWIDO\SECURITY SUITE\EWIDOGUARD.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\RTVSCAN.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\Documents and Settings\Toon\Desktop\HijackThis.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCLIENT.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Toon\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

---

---

and this is the scan log:

---

ewido security suite - Scan report

---

+ Created on: 7:17:24 PM, 12/16/2005
+ Report-Checksum: D8537AC3

+ Scan result:

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\pqpo.exe -> Downloader.Qoologic.at : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.****-access : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.261:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Hotlog : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.274:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.275:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.276:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.290:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.291:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.292:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.301:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.302:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.321:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.325:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.326:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.327:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.352:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.353:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.354:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.355:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.366:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.367:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.368:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.369:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.380:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.381:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.382:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.395:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.396:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.397:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.398:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.401:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.409:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.410:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.411:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.412:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.419:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.431:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
:mozilla.450:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.451:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.452:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.457:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.463:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.464:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.465:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.466:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.467:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.494:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.505:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.517:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.519:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.520:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.521:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.524:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.542:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Etracker : Cleaned with backup
:mozilla.543:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Etracker : Cleaned with backup
:mozilla.544:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.548:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.549:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.550:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.568:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.615:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.639:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.640:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.641:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.642:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.659:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.670:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.671:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.716:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.746:C:\Documents and Settings\Toon\Application Data\Mozilla\Firefox\Profiles\ufmtpvfo.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Toon\Cookies\toon@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Toon\Cookies\toon@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Toon\Local Settings\Temporary Internet Files\Content.IE5\DKJI77X7\hosts[1].txt -> Trojan.Qhost.el : Cleaned with backup
C:\WINDOWS\hosts -> Trojan.Qhost.el : Cleaned with backup
C:\WINDOWS\system32\kbkjjfk.exe -> Trojan.Pakes : Cleaned with backup
C:\WINDOWS\system32\qyqww.dat -> Downloader.Qoologic.at : Cleaned with backup
C:\WINDOWS\system32\yoyppw.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\WINDOWS\Temp\Cookies\toon@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup


::Report End

thanks

Crunchie

Congratulations! Your log looks clean - good work!

===============

Now that your PC is clean you need to follow these easy steps to keeping it this way:

Secure your Internet Explorer by going here and following the instructions there.

Better yet, use an alternative browser! Download FireFox and give it a run. It is far more secure than Internet Explorer. Or, you can get Opera which in my opinion, is better still.

Use a firewall to help prevent your PC's control being usurped by undesireables. There is a link to a good, free firewall in my signature.

Install and keep updated, Ad-Aware SE, and Spybot S&D.
Run them both on a regular basis, following the manufacturer's recommendations.

Install an anti-virus. There are some good, free AV's available today. Make sure that it is updated regularly and have it scan your system often.

Check for Windows Updates. Microsoft regularly post updates for your systems safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.


Clear your Temp folders.
Clear out your Temporary internet files and other temp files.
Go to Start > Settings > Control Panel >Internet Options.
Under the General tab click the Delete temporary internet files,
delete all Offline content as well. Clear out Cookies.

Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.

Empty/delete the entire contents of the C:\Windows\temp folder and C:\temp folder, if you have one. (Contents but not the folder itself.)

C:\Documents and Settings\username\Local Settings\Temp\

In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.

Empty the Recycle Bin.

For XP users.
After something like this it is a good idea to Flush the Restore Points and start fresh.
To flush the XP system Restore Points.

Go to Start>Run and type msconfig. Press enter.

When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings link on the left.

Check the box labelled 'Turn off System restore'.

Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.

Note that all previous restore points will be lost.

===============

If you have any more problems, post back.

-

Happy surfing,

crunchie.

farang

thanks so much!!

I am using firefox already and i am behind a server firewall. yes i should get a personal virusscanner.

Thanks
bye bye
Farangtoone

Crunchie

You are welcome .

This thread is now closed. If you need it reopened, please send a PM to one of our Mods.

Include the link to the thread and detail why you need it reopened.

If this is not your thread please start a New Topic.