
Instant Blue Screen with Adaware Definition Update


  • This topic is locked
7 replies to this topic

#1 drbandage

Posted 18 February 2007 - 03:05 AM

I previously had adaware on my computer, but finally just gave up using it when the BSOD appeared regularly with attempts to update. My computer seems very buggy in general lately, and very recently I had a big problem trying to "turn off" the computer, as it was non-responsive to this.

I have tried all sorts of freeware trying to get things right, and I don't know what worked and didn't. I can now indeed turn off my computer and am grateful for that. I still get the BSOD with any attempt to get web updates with Adaware.

BTW, when I read the instructions here :rofl: (yes, I actually did!), and I tried to download SpyBot and Adaware with the "click here" buttons, I get Error 404. Now, I am really confused. But, here's my log after first scan with Hijackthis: (any help would be greatly appreciated. Thanks.):

Logfile of HijackThis v1.99.1
Scan saved at 12:36:56 AM, on 2/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ENCOREPRO\Binn\sqlservr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\PopLib.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04h\BrStDvPt.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Startup: MS SQL Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Options - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O8 - Extra context menu item: RoboForm TaskBar Icon - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: PopupPopper Control Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Program Files\PopupPopper\SiteList.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: bw+0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MSSQL$ENCOREPRO - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$ENCOREPRO\Binn\sqlservr.exe" -sENCOREPRO (file missing)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SQLAgent$ENCOREPRO - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$ENCOREPRO\Binn\sqlagent.EXE" -i ENCOREPRO (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Web Update Service by PowerProgrammer (WebUpdate) - Unknown owner - C:\WINDOWS\system32\WebUpdateSvc.exe (file missing)

#2 ken545

Posted 25 February 2007 - 04:38 PM

drbandage :D

Welcome to Tom Coyote. Sorry about the delay in responding but we are as most times just overwhelmed with logs.

First thing I would do is go to your Add-Remove Programs in the Control Panel and remove Desktop Messenger.

C:\Program Files\Logitech\Desktop Messenger <-- Just this program, the rest of the Logitech programs are needed for your hardware to run. This was installed because you failed to read the (EULA) End Users License Agreement when you installed their software.


Open HijackThis > Do a System Scan Only, close your browser and all open windows, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =


The rest of your log looks fine. :thumbup: Let's clean you up a bit and run a couple of online virus scanners.

Download and Install CCleaner
If you don't want the Yahoo Toolbar, be sure to uncheck it during installation
* Click on Run Cleaner
* Run the Issues Scan < -- After it scans your system, when you click on the Fix button and it asks you to backup the Registry..Say Yes
Tutorial for CCleaner



Run the scan from Trendmicro first, if it finds anything run it again.

Please run Trend Micro House Call
  • Click Scan now. It's free!
  • Read and put a Check next to Yes I accept the terms of use.
  • Click the Launching HouseCall>> button.
  • Under "Browser plug-in" Installing and using Housecall kernel, click the Starting HouseCall>> button.
  • You may receive a prompt to install the ActiveX, click install.
  • If you are taken back to the main page, click Launching HouseCall>> button again.
  • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
  • Please be patient while it installs, updates, and scans your system.
  • Once the scan is complete, it will take you to the summary page.
  • Under Cleanup options, choose clean all detected infections automatically.
  • Click the Clean now>> button.
  • If anything was found you may be prompted to run the scan again, you can just close the browser window.
  • When the scan is finished, please restart your computer.

After you run the cleanup program and then Housecall, run Panda and I need to see this report along with a new HJT log.

Run Panda's ActiveScan from here and perform a full system scan.
  • Once you are on the Panda site click the "Scan your PC" button
  • A new window will open...click the big "Check Now" button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It will take a couple minutes)
  • If you are on a slow connection it will take about 15 minutes for the scanner to load.
  • Click on "Local Disks" to start the scan
  • Once scan is done, click "see report" then "save report"
  • Save the log someplace you can find
  • Reboot
  • Post the Panda scan results in your next reply

What I need to see is any files that Housecall found and could not remove, the Panda log and a New HJT log.

You can use the links in my signature to download and install both Spybot and Ad-Aware, you may have gotten a bad link.

Just a reminder that threads will be closed if no reply in 3 days.
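
Added example (not part of the thread, and not HijackThis's own code): a short Python triage of the log format posted in #1, using an excerpt of that log as input. The function names are hypothetical; the script collapses the repeated O18 protocol handlers per CLSID and DLL, lists R0/R1 settings with a blank value, and cross-checks O23 services marked "(file missing)" against the "Running processes" list.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis v1.99.1 log in post #1 (a subset of its lines).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\services.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ENCOREPRO\Binn\sqlservr.exe
C:\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O18 - Protocol: bw+0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: MSSQL$ENCOREPRO - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$ENCOREPRO\Binn\sqlservr.exe" -sENCOREPRO (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Web Update Service by PowerProgrammer (WebUpdate) - Unknown owner - C:\WINDOWS\system32\WebUpdateSvc.exe (file missing)
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")            # "O18 - <body>"
PROTOCOL = re.compile(r"^Protocol: (\S+) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
SERVICE = re.compile(r"^Service: (.+?) - (.+?) - (.+)$")   # name - owner - command
MISSING = " (file missing)"


def parse(log_text):
    """Split a log into running-process paths and (section, body) entries."""
    processes, entries, in_processes = [], [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY.match(line)
        if m:
            in_processes = False
            entries.append((m.group(1), m.group(2)))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def group_protocols(entries):
    """Collapse O18 handlers that share one CLSID and DLL into a single row."""
    groups = defaultdict(list)
    for code, body in entries:
        m = PROTOCOL.match(body) if code == "O18" else None
        if m:
            name, clsid, dll = m.groups()
            groups[(clsid.upper(), dll)].append(name)
    return dict(groups)


def blank_ie_settings(entries):
    """R0/R1 settings whose value after '=' is empty (e.g. 'Local Page =')."""
    return [body.rsplit("=", 1)[0].strip() for code, body in entries
            if code in ("R0", "R1") and "=" in body
            and body.rsplit("=", 1)[1].strip() == ""]


def service_findings(entries, processes):
    """O23 services marked '(file missing)', cross-checked with running processes."""
    running = {p.lower() for p in processes}
    findings = []
    for code, body in entries:
        m = SERVICE.match(body) if code == "O23" else None
        if not m or not body.endswith(MISSING):
            continue
        name, owner, command = m.groups()
        command = command[: -len(MISSING)]
        # Keep only the image path; a stray quote is followed by the arguments.
        image = command.split('"')[0].strip()
        findings.append({"service": name, "owner": owner, "image": image,
                         "listed_running": image.lower() in running})
    return findings


if __name__ == "__main__":
    procs, entries = parse(SAMPLE_LOG)
    for (clsid, dll), names in group_protocols(entries).items():
        print(f"O18 x{len(names):<3} {clsid} -> {dll}")
    for setting in blank_ie_settings(entries):
        print("blank value:", setting)
    for f in service_findings(entries, procs):
        print("file missing:", f["service"], "| running:", f["listed_running"])
```

A service marked "(file missing)" whose image also appears under "Running processes" is worth a manual look at its registry ImagePath before anything is fixed.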


#3 drbandage

Posted 01 March 2007 - 11:41 AM


Welcome to Tom Coyote. Sorry about the delay in responding but we are as most times just overwhelmed with logs.


I am just very happy to have your kind help. Delays are understandable, especially at the prices you're charging! :)

Fortunately, I already had CC Cleaner, and I re-ran that.

I then went to Trend Micro and ran that, although it was challenging. I am not computer savvy, but I usually get by. I didn't get the House Call to start with my Firefox browser, and I don't know if it was that activeX issue. I didn't even see a button to OK activeX, but I finally did a work around by opening up IE and managed to get the scan going.

The very first time I tried it, I saw some preliminary results that showed at least one infection, but I was just getting started, so I didn't take any specific action as the scan had a long ways to go.

Then, as the scan said 13 hours to go, then I would check back in a couple hours and it would say perhaps 3 hours to go. I'd come back a half hour later, and my browser had been closed!!! This happened on several occasions, so I finally just moved on. I did have the automatic fix option selected, but it shouldn't end up closing my browser, as nearly as I can tell.

Next, I went to Panda and did the scan. I will post that log at the bottom of this post.

Then, I went to Hijackthis and ran another scan and I will post this as well.

BTW, as a clue, perhaps: I keep running into the dreaded: Firefox has encountered a serious error and needs to shut down. It just seems to happen at random times.

When on IE, I get the IE has encountered a serious error and needs to shut down (although I am not often there, so I can't say how frequently that happens).


After you run the cleanup program and then Housecall, run Panda and I need to see this report along with a new HJT log.


It would appear that I am over the limit of characters allowed per post (probably a bad sign!), so I will attach the HJT log to the post that follows.


Incident Status Location

Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4d4mzd7y.Dec 2006\cookies.txt[.go.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4d4mzd7y.Dec 2006\cookies.txt[.112.2o7.net/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner\Cookies\owner@go[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Desktop\BrandNew Docs\My Backup -- 16-10-05 2230\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\1oqp22s3.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Desktop\BrandNew Docs\My Backup -- 16-10-05 2230\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\1oqp22s3.default\cookies.txt[.overture.com/]

#4 drbandage

Posted 01 March 2007 - 11:42 AM

Hijackthis Log:


Logfile of HijackThis v1.99.1
Scan saved at 8:35:24 AM, on 3/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ENCOREPRO\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\hijackthis(2)\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\PopLib.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04h\BrStDvPt.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Program Files\SpywareBlaster\sbautoupdate.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: MS SQL Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Options - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O8 - Extra context menu item: RoboForm TaskBar Icon - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: PopupPopper Control Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Program Files\PopupPopper\SiteList.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: bw+0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw+0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw-0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw-0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw00 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw00s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw10 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw10s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw20 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw20s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw30 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw30s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw40 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw40s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw50 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw50s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw60 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw60s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw70 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw70s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw80 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw80s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw90 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw90s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwa0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwa0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwb0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwb0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwc0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwc0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwd0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwd0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwe0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwe0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwf0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwf0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwg0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwh0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwh0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwi0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwi0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwj0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwj0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwk0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwk0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwl0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwl0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwm0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwm0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwn0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwn0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwo0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwo0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwp0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwp0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwq0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwq0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwr0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwr0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bws0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bws0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwt0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwt0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwu0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwu0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwv0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwv0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bww0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bww0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwx0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwx0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwy0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwy0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwz0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwz0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: offline-8876480 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MSSQL$ENCOREPRO - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$ENCOREPRO\Binn\sqlservr.exe" -sENCOREPRO (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SQLAgent$ENCOREPRO - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$ENCOREPRO\Binn\sqlagent.EXE" -i ENCOREPRO (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Web Update Service by PowerProgrammer (WebUpdate) - Unknown owner - C:\WINDOWS\system32\WebUpdateSvc.exe (file missing)

Thank you again for your kindness in helping me with this. I very much appreciate it.

best,

drB

#5 ken545


Posted 01 March 2007 - 12:56 PM

You need to run Panda or Housecall with Internet Explorer, they won't run with Firefox. But what it found was not bad so let's not worry about it.

The latest version of Firefox is 2.0.0.2, if you're using an older version, you can download and install the newest version, it may clear up your problems with it closing. No need to uninstall the older version, it will install on top of it.
http://www.mozilla.com/en-US/

It looks like the uninstall of Desktop Messenger left some entries behind.

You can fix all these with HJT.

O18 - Protocol: bw+0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw+0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw-0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw-0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw00 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw00s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw10 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw10s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw20 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw20s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw30 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw30s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw40 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw40s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw50 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw50s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw60 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw60s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw70 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw70s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw80 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw80s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw90 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw90s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwa0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwa0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwb0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwb0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwc0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwc0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwd0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwd0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwe0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwe0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwf0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwf0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwg0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwh0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwh0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwi0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwi0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwj0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwj0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwk0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwk0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwl0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwl0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwm0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwm0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwn0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwn0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwo0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwo0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwp0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwp0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwq0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwq0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwr0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwr0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bws0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bws0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwt0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwt0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwu0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwu0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwv0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwv0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bww0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bww0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwx0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwx0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwy0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwy0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwz0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwz0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: offline-8876480 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)


The rest of your log looks fine :thumbup: I am not seeing any malware or viruses on it. This could well be a Windows problem, try this, you may or may not need the Windows XP CD depending on how the manufacturers set up your system.

  • Click Start>Run
  • Type in sfc /scannow, hit Enter.
  • Note: there is a space between sfc and /scannow
  • This should replace any corrupted/missing system files and will hopefully fix things.
    You may need your XP disc in your CD drive for this.

Let me see a new HJT log and let me know if this helped, if not I will direct you to some Windows support sites that deal with that sort of thing as this forum is for the removal of malware.

Ken :D

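The check behind this reply, as an added example that is not part of the original post or of HijackThis itself: it groups O18 protocol handlers whose target is `(no file)` by CLSID and confirms against a follow-up log that they are gone. The function names are hypothetical, `BEFORE_LOG` is a shortened excerpt of lines from the log above, and `AFTER_LOG` is constructed.

```python
import re
from collections import defaultdict

# Shortened excerpt of O18/O20 lines from the HijackThis log posted in this thread.
BEFORE_LOG = r"""
O18 - Protocol: bw+0 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bw+0s - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: offline-8876480 - {CFE34FDA-E620-4B55-8F15-C7D1FDFBCC77} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
"""

# Constructed follow-up log (not from the thread): the state expected after
# the orphaned entries have been fixed.
AFTER_LOG = r"""
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# O18 line layout: "O18 - Protocol: <name> - {CLSID} - <handler file or (no file)>"
O18_RE = re.compile(
    r"^O18 - Protocol: (?P<name>.+?) - (?P<clsid>" + CLSID + r") - (?P<target>.+)$"
)


def parse_protocols(log_text):
    """Return (name, clsid, target) for every O18 protocol-handler line."""
    rows = []
    for line in log_text.splitlines():
        m = O18_RE.match(line.strip())
        if m:
            rows.append((m["name"], m["clsid"].upper(), m["target"].strip()))
    return rows


def orphaned_protocols(log_text):
    """Group handlers whose target is '(no file)' by the CLSID they point to.

    Many names sharing one CLSID with no file behind it is the pattern of a
    product that was uninstalled without removing its registry entries.
    """
    groups = defaultdict(list)
    for name, clsid, target in parse_protocols(log_text):
        if target == "(no file)":
            groups[clsid].append(name)
    return {clsid: sorted(names) for clsid, names in groups.items()}


def unresolved(before_text, after_text):
    """Names orphaned in the first log that still have an O18 line in the second."""
    before = {n for names in orphaned_protocols(before_text).values() for n in names}
    after = {name for name, _, _ in parse_protocols(after_text)}
    return sorted(before & after)


if __name__ == "__main__":
    for clsid, names in orphaned_protocols(BEFORE_LOG).items():
        print(f"{clsid}: {len(names)} orphaned handler(s): {', '.join(names)}")
    left = unresolved(BEFORE_LOG, AFTER_LOG)
    print("still present after fix:", left if left else "none")
```

Handlers that resolve to a file on disk, such as `skype4com`, are left out of the orphan report because only the `(no file)` target is treated as a leftover.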


#6 drbandage


Posted 01 March 2007 - 03:20 PM

  • Type in sfc /scannow, hit Enter.
  • Note: there is a space between sfc and /scannow
  • This should replace any corrupted/missing system files and will hopefully fix things.
    You may need your XP disc in your CD drive for this.

Let me see a new HJT log and let me know if this helped, if not I will direct you to some windows support sites that deal with that sort of thing as this forum is for the removal of malware.

Ken :D

Hi -
I did run the scannow, but all I got was a brief glimpse of a smallish rectangular screen, apparently without any items listed.

Here's my most recent HJT log.

Thanks.
Logfile of HijackThis v1.99.1
Scan saved at 1:09:05 PM, on 3/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ENCOREPRO\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\hijackthis(2)\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\PopLib.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04h\BrStDvPt.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Program Files\SpywareBlaster\sbautoupdate.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: MS SQL Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Options - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O8 - Extra context menu item: RoboForm TaskBar Icon - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: PopupPopper Control Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Program Files\PopupPopper\SiteList.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MSSQL$ENCOREPRO - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$ENCOREPRO\Binn\sqlservr.exe" -sENCOREPRO (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SQLAgent$ENCOREPRO - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$ENCOREPRO\Binn\sqlagent.EXE" -i ENCOREPRO (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Web Update Service by PowerProgrammer (WebUpdate) - Unknown owner - C:\WINDOWS\system32\WebUpdateSvc.exe (file missing)

#7 ken545


Posted 01 March 2007 - 05:06 PM

drbandage :D

No need to quote me, it's just using precious server space and it's hard on my eyes :D

Amazon Unbox Video Service <-- This is a perfectly legal program but the reviews have not been good, it appears that it's a little buggy and has caused some problems. It's your call but you can try uninstalling it and see if your problems go away, if not you can always reinstall it if you wish.


The rest of your log looks fine. :thumbup: Let's run the trial of AVG Anti Spyware, it's a great program for flushing bad things out that may not be on your HJT log.



Download and install the 30 day trial of AVG Anti-Spyware 7.5 to your desktop.
  • Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG and update the definition files.
  • On the main screen select the icon Update then select the Update now link.
  • Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab.
  • Once in the Settings screen click on Recommended actions and then select Quarantine <-- Don't forget this
  • Under Reports
      • Select Automatically generate report after every scan
      • Un-Select Only if threats were found
  • Close AVG Anti-Spyware 7.5 <-- Do not run the scan yet.
Boot your computer into Safemode
  • Go to Start> Shut Off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly.
  • This will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to SAFEMODE
  • Then press the Enter on your Keyboard
Tutorial if you need it: How to boot into Safemode


IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware 7.5 by double-clicking the icon on your desktop.
  • Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan.
  • AVG will now begin the scanning process, be patient this may take a little time.
  • Once the scan is complete do the following:
      • If you have any infections you will be prompted, then select Apply all actions
      • Next select the Reports icon at the top.
      • Select the Save report as button in the lower left hand of the screen and save it to a text file on your system
      • Make sure to remember where you saved that file, this is important
  • Close AVG Anti-Spyware 7.5

All I need to see is the AVG report. Take your time because I will be offline from around 10 this evening until Sunday night.

Ken :D

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Just a reminder that threads will be closed if no reply in 3 days.


#8 ken545


Posted 11 March 2007 - 06:38 AM

This topic is being closed due to lack of response. If you need this topic reopened, please request this by sending an email to us at the following link
(Click for address)
Include your post user name and detail why you need it reopened with a valid link to your post.
Any bad links or emails that are not from the original poster will be deleted without response.
Any emails without the subject "Reopen" will be deleted without being looked at.

If this is not your thread please start a New Topic.

