0

Went to a site that I shouldn't have and got hammered. I have run Spybot, Adaware, Trend Micro's security suite, and Kaspersky Internet Security 6.0. I cleaned tons of crap. Thse programs are no longer finding anything and it appears that my computer is operating fine except I can't change my damn homepage in IE. So I ran Hijack this and this is what I found:

Logfile of HijackThis v1.99.1
Scan saved at 7:45:53 PM, on 6/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\dcomcfg.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\RunDLL32.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\System32\a080178c.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\System32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [a080178c.exe] C:\WINDOWS\System32\a080178c.exe
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] C:\Program Files\Creative\SBAudigy2ZS\Program\Startup Menu\ChkColor.EXE
O4 - HKCU\..\Run: [a080178c.exe] C:\Documents and Settings\Chris Stone\Local Settings\Application Data\a080178c.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4779/mcfscan.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

I wound appreciate any and all help :)

4
Contributors
15
Replies
16
Views
11 Years
Discussion Span
Last Post by kylethedarkn
0

I want you to try one more scanner first
Plz Download Ewido from here

  1. Install ewido anti-malware
  2. When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  3. Launch ewido, there should be an icon on your desktop, double-click it.
  4. The program will now open to the main screen.
  5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  6. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  7. The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display ("Update successful" )

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

  • Open up Ewido
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
  • Close ewido anti-malware.

Reboot.

After reboot post the ewido log along with a new HJT log

BTW-If you have mozilla why are you using IE?

0

I switched becuase of the prob:) I am enjoying firefox it appears to be a great browser. However though... there are still a few web sites around that dont' work well with it.

0

Hi there, please do the follwoing for me.

Run HJT again, and check these items.

O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\System32\hp100.tmp

O4 - HKLM\..\Run: [a080178c.exe] C:\WINDOWS\System32\a080178c.exe

O4 - HKCU\..\Run: [a080178c.exe] C:\Documents and Settings\Chris Stone\Local Settings\Application Data\a080178c.exe

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab

Click Fix Checked.
____________________________________________

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

______________________________________________________

Post the smitfraudfix log, and a new HJT log, and the ewido log previously requested

0

Ewido seemed to be going fast till it hit about 34% but has really slowed down.

0

okay I ran ewoid and this is what I have so far...

Logfile of HijackThis v1.99.1
Scan saved at 9:03:16 PM, on 6/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\dcomcfg.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\RunDLL32.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\System32\a080178c.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\System32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [a080178c.exe] C:\WINDOWS\System32\a080178c.exe
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] C:\Program Files\Creative\SBAudigy2ZS\Program\Startup Menu\ChkColor.EXE
O4 - HKCU\..\Run: [a080178c.exe] C:\Documents and Settings\Chris Stone\Local Settings\Application Data\a080178c.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4779/mcfscan.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 8:57:41 PM, 6/12/2006
+ Report-Checksum: D4C58C30

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\kernel32.dll -> Trojan.Small : Cleaned with backup
C:\WINDOWS\SYSTEM32\1024 -> Trojan.Small : Cleaned with backup
C:\WINDOWS\SYSTEM32\1024\ldF247.tmp -> Trojan.Small : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N57M1511NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
C:\Program Files\AutoUpdate -> Adware.Apropos : Cleaned with backup
C:\Program Files\AutoUpdate\libexpat.dll -> Adware.Apropos : Cleaned with backup
C:\Program Files\Web Offer -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\INSTALL.LOG -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\UNWISE.EXE -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\wndbannnp.src -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\versionp.vrn -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\basisp.dst -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\basisp.kwd -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\basisp.pu -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\basisp.rst -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\paramp.ez -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\gendis.ez -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\rwdsp.rst -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\sepng.dll -> Adware.eZula : Cleaned with backup
C:\Program Files\Web Offer\upgradep.vrn -> Adware.eZula : Cleaned with backup
C:\Documents and Settings\Chris Stone\Local Settings\Temp\Cookies\chris [email]stone@cbs.112.2o7[2].txt[/email] -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Chris Stone\Local Settings\Temp\Cookies\chris [email]stone@adopt.specificclick[1].txt[/email] -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Chris Stone\Local Settings\Temp\Cookies\chris [email]stone@tacoda[1].txt[/email] -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Chris Stone\Local Settings\Temp\Cookies\chris [email]stone@image.masterstats[1].txt[/email] -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Chris Stone\Local Settings\Temp\Cookies\chris [email]stone@ads.realcastmedia[1].txt[/email] -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Chris Stone\Local Settings\Temp\Cookies\chris [email]stone@tacoda[2].txt[/email] -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Chris Stone\Local Settings\Temp\Cookies\chris [email]stone@ad.yieldmanager[2].txt[/email] -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Chris Stone\Local Settings\Temp\Cookies\chris [email]stone@yieldmanager[2].txt[/email] -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Chris Stone\Local Settings\Temp\Cookies\chris [email]stone@starware[2].txt[/email] -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Chris Stone\Local Settings\Temp\Cookies\chris [email]stone@ads.realcastmedia[2].txt[/email] -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Chris Stone\Local Settings\Temp\Cookies\chris [email]stone@ad.yieldmanager[3].txt[/email] -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Chris Stone\Local Settings\Temp\Cookies\chris [email]stone@www.burstbeacon[2].txt[/email] -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Chris Stone\Local Settings\Temp\Cookies\chris [email]stone@yieldmanager[1].txt[/email] -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Chris Stone\Local Settings\Temp\Cookies\chris [email]stone@burstnet[2].txt[/email] -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Chris Stone\Local Settings\Temp\Cookies\chris [email]stone@microsofteup.112.2o7[1].txt[/email] -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Chris Stone\Local Settings\Temp\Cookies\chris [email]stone@com[1].txt[/email] -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Chris Stone\Local Settings\Temp\ICD1.tmp\UWFX5_0001_N57M1511NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@adopt.specificclick[1].txt[/email] -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@www.burstbeacon[3].txt[/email] -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@yadro[2].txt[/email] -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@webstat[1].txt[/email] -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@webstat[2].txt[/email] -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@hypertracker[1].txt[/email] -> TrackingCookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@www.burstbeacon[1].txt[/email] -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@burstnet[2].txt[/email] -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@ads.pointroll[2].txt[/email] -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@www.realcastmedia[1].txt[/email] -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@www.web-stat[2].txt[/email] -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@yadro[1].txt[/email] -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@ads.euniverseads[2].txt[/email] -> TrackingCookie.Euniverseads : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@starware[2].txt[/email] -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@c.enhance[1].txt[/email] -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkiopcjacoa6dj6x9ny-1seq-2-2.stats.esomniture[2].txt[/email] -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@www.burstbeacon[2].txt[/email] -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@ivwbox[1].txt[/email] -> TrackingCookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@y-1shz2prbmdj6wvny-1sez2pra2dj6wfk4sjdjodpgidj6x9ny-1seq-2-2.stats.esomniture[1].txt[/email] -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@112.2o7[2].txt[/email] -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@rotator.adjuggler[1].txt[/email] -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@cz9.clickzs[1].txt[/email] -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@cz5.clickzs[1].txt[/email] -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@cz7.clickzs[2].txt[/email] -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@burstnet[1].txt[/email] -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@adopt.specificclick[3].txt[/email] -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@ad.yieldmanager[2].txt[/email] -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@e-2dj6wfkogidjsao.stats.esomniture[2].txt[/email] -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@e-2dj6wfkoojc5alo.stats.esomniture[2].txt[/email] -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@e-2dj6wjliggc5ieo.stats.esomniture[2].txt[/email] -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@e-2dj6wfkoogdjcap.stats.esomniture[2].txt[/email] -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@e-2dj6wfkoegcjcbp.stats.esomniture[2].txt[/email] -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@realcastmedia[2].txt[/email] -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@www.myaffiliateprogram[2].txt[/email] -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@ads.realcastmedia[1].txt[/email] -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@tacoda[2].txt[/email] -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@clickhype[1].txt[/email] -> TrackingCookie.Clickhype : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@ads.realcastmedia[3].txt[/email] -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@ad1.clickhype[1].txt[/email] -> TrackingCookie.Clickhype : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@realcastmedia[1].txt[/email] -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@e-2dj6wfk4ahcjgdo.stats.esomniture[2].txt[/email] -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@e-2dj6wfloooczmgo.stats.esomniture[2].txt[/email] -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@e-2dj6wjl4wnd5wko.stats.esomniture[2].txt[/email] -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@e-2dj6wjmiwhdzobq.stats.esomniture[2].txt[/email] -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@image.masterstats[2].txt[/email] -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@webstat[3].txt[/email] -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@www.burstnet[1].txt[/email] -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@sales.liveperson[2].txt[/email] -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@www.web-stat[3].txt[/email] -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@e-2dj6wflionc5kkq.stats.esomniture[1].txt[/email] -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@com[1].txt[/email] -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@gettyimages.122.2o7[1].txt[/email] -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@e-2dj6wjmyklcjmhq.stats.esomniture[2].txt[/email] -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@www.adtrak[1].txt[/email] -> TrackingCookie.Adtrak : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@cpvfeed[1].txt[/email] -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@h.starware[2].txt[/email] -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@yadro[4].txt[/email] -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@server3.web-stat[2].txt[/email] -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@starware[3].txt[/email] -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@burstnet[3].txt[/email] -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@rotator.adjuggler[3].txt[/email] -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@adopt.specificclick[2].txt[/email] -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@stats1.reliablestats[2].txt[/email] -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@hypertracker[2].txt[/email] -> TrackingCookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@adopt.euroclick[2].txt[/email] -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@paypopup[2].txt[/email] -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@e-2dj6wfkocmajgfo.stats.esomniture[2].txt[/email] -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@entrepreneur.122.2o7[2].txt[/email] -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@yieldmanager[2].txt[/email] -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@e-2dj6wjnywpajcap.stats.esomniture[2].txt[/email] -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@e-2dj6wjlounajifp.stats.esomniture[2].txt[/email] -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@ads.realcastmedia[2].txt[/email] -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@www.myaffiliateprogram[3].txt[/email] -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@entrepreneur.122.2o7[1].txt[/email] -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@cpvfeed[2].txt[/email] -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@starware[4].txt[/email] -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@sales.liveperson[3].txt[/email] -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@e-2dj6wjnywidjkgp.stats.esomniture[2].txt[/email] -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@e-2dj6wjligkd5sgo.stats.esomniture[2].txt[/email] -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@yadro[5].txt[/email] -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@www.burstbeacon[4].txt[/email] -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@journalregistercompany.122.2o7[1].txt[/email] -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@stats1.reliablestats[3].txt[/email] -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@partygaming.122.2o7[1].txt[/email] -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@paypopup[1].txt[/email] -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@c.goclick[2].txt[/email] -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@tribuneinteractive.122.2o7[1].txt[/email] -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@chicagosuntimes.122.2o7[1].txt[/email] -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@cnn.122.2o7[1].txt[/email] -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@e-2dj6wjnycgd5clp.stats.esomniture[1].txt[/email] -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@e-2dj6wjnygidzicp.stats.esomniture[1].txt[/email] -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@tacoda[1].txt[/email] -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@buycom.122.2o7[1].txt[/email] -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@web-stat[2].txt[/email] -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@yieldmanager[1].txt[/email] -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@adopt.euroclick[3].txt[/email] -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@adopt.specificclick[4].txt[/email] -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@acronis.122.2o7[1].txt[/email] -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@www.myaffiliateprogram[1].txt[/email] -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@data3.perf.overture[2].txt[/email] -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@data4.perf.overture[1].txt[/email] -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@ad.adocean[1].txt[/email] -> TrackingCookie.Adocean : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@burstnet[5].txt[/email] -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@ad.yieldmanager[1].txt[/email] -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@webstat[5].txt[/email] -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@hypertracker[4].txt[/email] -> TrackingCookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@harpo.122.2o7[1].txt[/email] -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@cbs.112.2o7[2].txt[/email] -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@anat.tacoda[1].txt[/email] -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@rotator.adjuggler[2].txt[/email] -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@data2.perf.overture[2].txt[/email] -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@c.enhance[2].txt[/email] -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@112.2o7[1].txt[/email] -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@adopt.specificclick[6].txt[/email] -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@yieldmanager[3].txt[/email] -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@tacoda[4].txt[/email] -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@sonymediasoftware.122.2o7[1].txt[/email] -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@adopt.euroclick[1].txt[/email] -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@burstnet[6].txt[/email] -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@data1.perf.overture[1].txt[/email] -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@anat.tacoda[2].txt[/email] -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@www.burstbeacon[6].txt[/email] -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@ad.yieldmanager[4].txt[/email] -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@data4.perf.overture[2].txt[/email] -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@reviews-zdnet.com[1].txt[/email] -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@rotator.adjuggler[4].txt[/email] -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Chris Stone\Cookies\chris [email]stone@www.myaffiliateprogram[4].txt[/email] -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
-> : Error during cleaning
:mozilla.35:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.296:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.339:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.340:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.364:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.402:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.403:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.405:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.406:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.543:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.544:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.545:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.592:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.599:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.618:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.628:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.786:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.787:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.794:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Enhance : Cleaned with backup
:mozilla.827:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.832:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.876:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.891:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.907:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Hypertracker : Cleaned with backup
:mozilla.911:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.912:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.913:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.914:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.917:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Hypertracker : Cleaned with backup
:mozilla.924:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Hypertracker : Cleaned with backup
:mozilla.925:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.927:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.928:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.929:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.931:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.934:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.942:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.948:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.950:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.951:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.952:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.953:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.955:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.956:C:\Documents and Settings\Chris Stone\Application Data\Mozilla\Firefox\Profiles\0w244h1n.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup

0

okay I unclicked everything tayspen mentioned and I also ran SmitfruadFix here is the log...

SmitFraudFix v2.59

Scan done at 21:39:36.07, Mon 06/12/2006
Run from C:\Documents and Settings\Chris Stone\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\hp???.tmp FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\ts.ico FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Chris Stone\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CHRISS~1\FAVORI~1

C:\DOCUME~1\CHRISS~1\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\ALLUSE~1\DESKTOP\Online Security Guide.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{9952355f-fefb-4764-bcd7-a993d03dd7e2}"="commencement"

[HKEY_CLASSES_ROOT\CLSID\{9952355f-fefb-4764-bcd7-a993d03dd7e2}\InProcServer32]
@="C:\WINDOWS\System32\ornzq.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{9952355f-fefb-4764-bcd7-a993d03dd7e2}\InProcServer32]
@="C:\WINDOWS\System32\ornzq.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

0

Next, please reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

_________________________________________________________

Post a fresh log, and the smitfruadfix log

0

Okay I did what I was told. When I rebooted I accidentaly opened IE instead of firefox and I got the MSN home page!!!! :cheesy: I did loose my background but that is a small price to pay, just gotta find a new one. Here are the logs...

SmitFraudFix v2.59

Scan done at 20:36:59.45, Tue 06/13/2006
Run from C:\Documents and Settings\Chris Stone\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{9952355f-fefb-4764-bcd7-a993d03dd7e2}"="commencement"

[HKEY_CLASSES_ROOT\CLSID\{9952355f-fefb-4764-bcd7-a993d03dd7e2}\InProcServer32]
@="C:\WINDOWS\System32\ornzq.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{9952355f-fefb-4764-bcd7-a993d03dd7e2}\InProcServer32]
@="C:\WINDOWS\System32\ornzq.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\hp???.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\DOCUME~1\ALLUSE~1\DESKTOP\Online Security Guide.url Deleted
C:\DOCUME~1\CHRISS~1\FAVORI~1\Antivirus Test Online.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\System32\ornzq.dll -> Missing File


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Logfile of HijackThis v1.99.1
Scan saved at 8:41:47 PM, on 6/13/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\RunDLL32.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] C:\Program Files\Creative\SBAudigy2ZS\Program\Startup Menu\ChkColor.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4779/mcfscan.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

0

I cant see anything wrong with this log except the following

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

Plz check this and click on fix checked.

0

No, don't check that. It has to do with Spwspweeper, and if spysweeper is still on your computer, checking that could cause problems. If SS is not on your system, then you can check it.

kylethedarkn - Just for future reference, just because it says file missing, does not mean it is :). It can be a bug in HJT.

0

Hi everyone, sorry for bringing up an old post.
I have the same problem, i cant change my homepage. Ive done everything like chris so cal, by that i mean i scanned my computer with varius programs but nothing helps (god damn Virus).
Anyway i noticed that everything worked out for chris, I tried to fix it on my own, but no success :sad: . Can anyone plz help me?? Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 19:23:20, on 03.07.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
D:\Programme\AntiVir PersonalEdition Classic\sched.exe
D:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
D:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
D:\Programme\GetRight\getright.exe
D:\Programme\GetRight\getright.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
D:\Moji Dokumenti\Programi\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Programme\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar\01.01.2607.0\de\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avgnt] "D:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = D:\Programme\GetRight\getright.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://news.beograd.com/AxisCamControl.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD49EE48-4CAC-4C65-9711-F313EEAFE0D6}: NameServer = 195.50.140.250 195.50.140.114
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - D:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - D:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

0

Plz don't piggy back off someone else's thread plz post a new thread with a title like plz help, cant change homepage or something similar.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.