Taskman, Regedit disappear ......... (RESOLVED)

  1. #1
    LOCALACCT, Newbie

    Taskman, Regedit disappear ......... (RESOLVED)

    .....And network dies after 1 - 2 hours even though cable modem and router seem fine and accessible through LAN. Some games will still play if I'm already connected to server and don't leave. Ad-Aware and Spybot find nothing, and have been correctly configured. Here is my HijackThis log:


    Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 4:07:55 PM, on 4/19/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Jonas187\My Documents\Unzipped\hijackthis\HijackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - Startup: FriendFinder Messenger.lnk = C:\Program Files\FriendFinder Messenger\FriendFinder Messenger\FFIMC.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1118431581963
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124056829074
    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.18.39/ttinst.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: Hints - C:\WINDOWS\
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    please help me!


  2. #2
    VopThis, Senior Member (Canada)
    Please download the latest version of Look2Me-Remover.exe to your desktop.
    http://www.atribune.org/ccount/click.php?id=7

    * Close all windows before continuing.
    * Double-click Look2Me-Remover.exe to run it.
    * Put a check next to Run this program as a task.
    * You will receive a message saying Look2Me-Remover will close and re-open in approximately 10 seconds. Click OK
    * When Look2Me-Remover re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
    * Once it's done scanning, click the Remove L2M button.
    * You will receive a Done Scanning message, click OK.
    * When completed, you will receive this message: Done removing infected files! Look2Me-Remover will now shutdown your computer, click OK.
    * Your computer will then shutdown.
    * Turn your computer back on.
    * Please post the contents of C:\Look2Me-Remover.txt and a new HiJackThis log.

    If you receive a message from your firewall about this program accessing the Internet please allow it.

    If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
    http://www.ascentive.com/support/new...b/MSWINSCK.OCX

  3. #3
    LOCALACCT, Newbie
    The program you directed me to does not work correctly. The scan button is greyed out, but there is a check box that says run as task. So I click it and it says in approx 1 min it will reopen so I can scan, but nothing happens even after 20 mins.



    EDIT: NVM, I went to the webpage of the site; it says I must reboot if it does not reappear. Will try that first. ATM I'm using Symantec Spyware.Look2Me removal tool ver 1.0.1. Symantec found nothing.
    Last edited by LOCALACCT; 19-04-2006 at 11:08 PM.

  4. #4
    VopThis, Senior Member (Canada)
    You MAY have the latest version of VX2. Download L2mfix from one of these two locations:

    http://www.atribune.org/downloads/l2mfix.exe
    http://www.downloads.subratam.org/l2mfix.exe



    Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, NOTEPAD will open with a log. Copy the contents of that log and paste it into this thread.

    IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

    If, while running option #1, you receive an error similar to: "C:\windows\system32\cmd.exe
    C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and Microsoft windows applications. Choose close to terminate the application." then please use option 5 or the web page link in the l2mfix folder to solve this error condition. Do not run the fix portion without fixing this first.

  5. #5
    LOCALACCT, Newbie
    BTW the program earlier mentioned did not work even after reboot.


    Code:
    L2MFIX find log 032106
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
    
    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    
    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
    "{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
    "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
    "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
    "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
    "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
    "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
    "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
    "{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
    "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
    "{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
    "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
    "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
    "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
    "{6EE51AA0-77A0-11D7-B4E1-000347126E46}"="Window Washer Shredding Utility"
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
    "{2F603045-309F-11CF-9774-0020AFD0CFF6}"="Synaptics Control Panel"
    "{29e3fb5b-cf62-45b5-b8bf-1ad500385fc7}"="Shell Context Menu Handler for Application References"
    "{29e3fb5b-cf62-45b5-b8bf-1ad500385fc6}"="Shell Context Menu Handler for Application Manifests"
    "{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}"="Shell Icon Handler for Application References"
    "{8DB493EA-B2AD-42EC-AC53-3D95A528A3B5}"="FppIconOverlay extension"
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
    "{62CEC5C9-4B3F-4BE8-897B-C08CAA114FAA}"="Bitcollider Shell Extension"
    "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"="ICQ Lite Shell Extension"
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
    "{EBDF1F20-C829-11D1-8233-0020AF3E97A9}"="Format Secure Shell Extension"
    "{E81E445E-2750-4D0E-8B3B-1B7F17E60C01}"="XeruImageConverterSupportedExtension"
    "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"="UnlockerShellExtension"
    "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
    "{5464D816-CF16-4784-B9F3-75C0DB52B499}"="Yahoo! Mail"
    "{36518101-49AC-42CB-8E4C-40C1F328A565}"="Rad2 Extension"
    "{5380C14E-C0A1-4D66-87DB-5995E6FF4623}"="Rad Extension"
    "{75B8D633-9021-442C-9EA4-FF4BE72CE20F}"="NRad2 Extension"
    "{C6844A1E-2C59-415A-84B3-C6A458372779}"="RadType Extension"
    "{D00900BC-23F7-4FD6-BFA2-8232112C5C49}"="NRad Extension"
    "{D2FD83AE-994A-4D4B-9097-2C9E11ED85F0}"="RadClkr Extension"
    "{7700EB62-DB7C-47AF-A092-04376CA1D24C}"="RadMnu Extension"
    "{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
    "{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
    "{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
    "{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
    "{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
    "{D809E614-3F19-46BD-B776-47062DDBD077}"=""
    "{472083B0-C522-11CF-8763-00608CC02F24}"="avast"
    "{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
    "{D120D80B-BD26-4A74-8E43-2C2AF0966139}"="QuickPar ContextMenu extension"
    "{CCA60260-A2C9-11D2-BA62-0020188191B2}"="Registrar Registry Manager SHell Extension"
    
    **********************************************************************************
    HKEY ROOT CLASSIDS:
    Windows Registry Editor Version 5.00
    
    [HKEY_CLASSES_ROOT\CLSID\{D809E614-3F19-46BD-B776-47062DDBD077}]
    @=""
    
    [HKEY_CLASSES_ROOT\CLSID\{D809E614-3F19-46BD-B776-47062DDBD077}\Implemented Categories]
    @=""
    
    [HKEY_CLASSES_ROOT\CLSID\{D809E614-3F19-46BD-B776-47062DDBD077}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""
    
    [HKEY_CLASSES_ROOT\CLSID\{D809E614-3F19-46BD-B776-47062DDBD077}\InprocServer32]
    @="C:\\WINDOWS\\system32\\drvxdec_040c.dll"
    "ThreadingModel"="Apartment"
    
    **********************************************************************************
    Files Found are not all bad files:
    
    C:\WINDOWS\SYSTEM32\
       sirenacm.dll   Tue Jan 24 2006   3:34:24p  A....        118,784   116.00 K
       winsusrm.dll   Fri Apr 14 2006  12:03:02a  A....            264     0.26 K
    
    2 items found:  2 files, 0 directories.
       Total of file sizes:  119,048 bytes    116.26 K
    Locate .tmp files:
    
    C:\WINDOWS\SYSTEM32\
       ms-ds5~1.tmp   Sun Apr 16 2006   4:46:04a  A....         21,504    21.00 K
    
    1 item found:  1 file, 0 directories.
       Total of file sizes:  21,504 bytes     21.00 K
    **********************************************************************************
    Directory Listing of system files:
     Volume in drive C has no label.
     Volume Serial Number is 2C4B-3039
    
     Directory of C:\WINDOWS\System32
    
    04/19/2006  07:18 PM    <DIR>          ..
    04/19/2006  07:18 PM    <DIR>          .
    01/08/2006  03:04 AM           237,114 drvxdec_040c.dll
    01/08/2006  03:04 AM           233,718 p04u0ah9ed4.dll
    01/08/2006  01:33 AM           237,114 k6jslg1716.dll
    01/08/2006  01:02 AM           235,398 dtserver.dll
    01/07/2006  05:12 AM           235,398 sxmpapi.dll
    01/07/2006  04:42 AM           235,398 mhwebdvd.dll
    01/07/2006  03:43 AM           235,398 mkwsock.dll
    01/07/2006  03:43 AM           234,231 kt6ul7j91.dll
    01/07/2006  01:14 AM           234,378 ogeaccrc.dll
    07/13/2005  03:36 AM                56 83D5CDAD71.sys
    06/10/2005  03:23 PM    <DIR>          Microsoft
    06/10/2005  11:05 AM    <DIR>          dllcache
    04/27/2005  04:54 AM           168,005 RadType.dll
    04/27/2005  04:50 AM            65,536 RadRegs.dll
    04/27/2005  04:50 AM           258,048 RadClkR.dll
    04/27/2005  04:50 AM           557,056 RadMnu.dll
    04/27/2005  04:49 AM           200,704 RadExe.dll
    04/27/2005  04:49 AM           102,400 RadClock.exe
    04/27/2005  04:48 AM           438,272 Rad.dll
    04/27/2005  04:47 AM           176,128 NRad.dll
    04/27/2005  04:47 AM             1,403 Probe.inf
    04/27/2005  04:46 AM            20,428 RadProbe.sys
    03/05/2005  01:24 PM             9,424 radregs.inf
    03/05/2005  10:48 AM            61,440 RadEnu.dll
    12/19/2004  07:52 PM            61,440 RadPlk.dll
    12/07/2004  03:35 AM            61,440 RadNlb.dll
    12/07/2004  03:33 AM            65,536 RadIta.dll
    12/07/2004  03:33 AM            61,440 RadHun.dll
    12/07/2004  03:30 AM            65,536 RadFra.dll
    12/07/2004  03:29 AM            61,440 RadEsp.dll
    11/28/2004  12:05 AM            61,440 RadDeu.dll
                  29 File(s)      4,615,319 bytes
                   4 Dir(s)   3,425,935,360 bytes free
    Last edited by LOCALACCT; 20-04-2006 at 12:24 AM.

  6. #6
    VopThis, Senior Member (Canada)
    Close any programs you have open since this step requires a reboot.

    From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, NOTEPAD will open with a log.

    Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

    IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

    If after the reboot the desktop icons don’t disappear or the log does not pop up then in the l2mfix folder double click the second.bat file to continue with the fix.

  7. #7
    LOCALACCT, Newbie
    Regedit and taskmon still disappear... BUT it did fix something: as soon as the l2mfix was done, the Windows update came back and told me about updates.



    L2mfix 032106
    Creating Account.
    The command completed successfully.

    Adding Administrative privleges.
    The command completed successfully.
    Checking for L2MFix account(0=no 1=yes):
    1
    Granting SeDebugPrivilege to L2MFIX ... successful
    Checking for L2MFix account(0=no 1=yes):
    0
    Zipping up files for submission:
    zip warning: name not matched: dlls\*.*

    zip error: Nothing to do! (backup.zip)
    adding: backregs/notibac.reg (140 bytes security) (deflated 40%)


    Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 7:57:20 PM, on 4/19/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Jonas187\My Documents\Unzipped\hijackthis\HijackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - Startup: FriendFinder Messenger.lnk = C:\Program Files\FriendFinder Messenger\FriendFinder Messenger\FFIMC.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1118431581963
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124056829074
    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.18.39/ttinst.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: Hints - C:\WINDOWS\
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    Last edited by LOCALACCT; 20-04-2006 at 01:14 AM.

  8. #8
    VopThis, Senior Member (Canada)
    SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

    O20 - Winlogon Notify: Hints - C:\WINDOWS\

    Make sure that all browser windows and internet links are closed, even this one!
    CLICK ’FIX CHECKED’ with HijackThis.





    Please download, install, update and scan your system with the free (trial) version of Ewido TROJAN scanner
    [Developed for Windows 2000 and XP]:
    1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
    3. From the main ewido screen, click on update in the left menu, then click the Start update button.
    4. After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
    5. If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
    6. When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread.
    Note: Ewido is a free trial product for 14 days. Since Ewido is a trial version, the realtime guard and automatic update will stop functioning after 14 days. We are not installing the guard because it might interfere with the cleanup or the malware removal process. You can use Ewido as an on-demand scanner (recommended) but you will have to manually update the definition file each time you scan. If you decide to purchase Ewido, you can enable the 'Realtime Protect' and 'Automatic Update' functions by clicking on the 'Status' bar (Top left) and clicking on both items under "Your Security Status".

    REBOOT.
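
A triage pass over HijackThis logs like the ones posted in this thread, as an added example that is not part of any post: it parses the section-coded lines, surfaces O20 Winlogon Notify entries such as the "Hints" line selected above together with entries the log marks "(file missing)", and compares a log taken before a fix with one taken after. The rule that an O20 target without a file name deserves review, the function names and the two "Example..." log lines are assumptions of this example.

```python
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: the O4/O18/O23 lines and the "Hints" O20 line are copied
# from the logs posted in this thread; the two "Example..." O20 lines are invented.
SAMPLE_BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Hints - C:\WINDOWS\
O20 - Winlogon Notify: ExampleGone - C:\WINDOWS\system32\
O20 - Winlogon Notify: ExampleNotify - C:\WINDOWS\system32\example.dll
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
"""

# Constructed "after" log: same entries with the invented ExampleGone line removed.
SAMPLE_AFTER = "\n".join(
    l for l in SAMPLE_BEFORE.splitlines() if "ExampleGone" not in l)

# A section-coded line looks like "O20 - <body>"; header and process lines do not match.
ENTRY_RE = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2}) - (?P<body>.*\S)\s*$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>.+?) - (?P<target>.*)$")


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code, e.g. "O20"
    reason: str  # short machine-readable reason
    line: str    # the log line as posted


def parse_entries(log_text):
    """Yield (code, body, line) for every section-coded line of a log."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw)
        if m:
            yield m.group("code"), m.group("body"), raw.strip()


def notify_target_has_file(target):
    """True when the target's last path component is a file name with an extension."""
    leaf = ntpath.basename(target.strip().strip('"'))
    return bool(leaf) and bool(ntpath.splitext(leaf)[1])


def triage(log_text):
    """Return findings for one log, in log order."""
    findings = []
    for code, body, line in parse_entries(log_text):
        if code == "O20":
            m = NOTIFY_RE.match(body)
            # Assumption of this example: a notify entry that names no file
            # (a bare directory, as in the "Hints" line) is worth a manual look.
            if m and not notify_target_has_file(m.group("target")):
                findings.append(Finding(code, "notify-target-not-a-file", line))
        if body.endswith("(file missing)"):
            findings.append(Finding(code, "file-missing", line))
    return findings


def compare(before_text, after_text):
    """Split findings into those still present after a fix and those that went away."""
    before, after = triage(before_text), triage(after_text)
    persisting = [f for f in after if f in before]
    resolved = [f for f in before if f not in after]
    return persisting, resolved


if __name__ == "__main__":
    persisting, resolved = compare(SAMPLE_BEFORE, SAMPLE_AFTER)
    for f in persisting:
        print("still present:", f.reason, "|", f.line)
    for f in resolved:
        print("gone:         ", f.reason, "|", f.line)
```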

  9. #9
    LOCALACCT, Newbie
    Code:
    ---------------------------------------------------------
     ewido anti-malware - Scan report
    ---------------------------------------------------------
    
     + Created on:			10:54:03 PM, 4/19/2006
     + Report-Checksum:		2C261DAB
    
     + Scan result:
    
    	C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wfkikhdpico.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    	C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wgk4upd5wgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    	C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wgkiqjdzmao.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    	C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjk4clc5ebp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    	C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjk4whd5aao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    	C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjkoejajcfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    	C:\Documents and Settings\Amy\Cookies\amy@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    	C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wjkoqid5igp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    	C:\Documents and Settings\Amy\Cookies\amy@e-2dj6wjnywnc5oho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    	C:\Documents and Settings\Amy\Cookies\amy@www.epilot[1].txt -> TrackingCookie.Epilot : Cleaned with backup
    	C:\Documents and Settings\Amy\Local Settings\Temporary Internet Files\Content.IE5\2DATCZQZ\ysb_download[1].cab/YSBactivex.dll -> Downloader.IstBar : Cleaned with backup
    	C:\Documents and Settings\Amy\Local Settings\Temporary Internet Files\Content.IE5\KDUTW3SH\ysb_regular[1].cab/ysbactivex.dll -> Downloader.IstBar : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@ads43.bpath[1].txt -> TrackingCookie.Bpath : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@ads49.bpath[1].txt -> TrackingCookie.Bpath : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@c.enhance[2].txt -> TrackingCookie.Enhance : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@cnetaustralia.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@cneteurope.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@com[2].txt -> TrackingCookie.Com : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@coxhsi.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@e-2dj6wfk4amd5shq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@e-2dj6wfk4emazecp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@e-2dj6wfkicidpkbo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@e-2dj6wfkienczggp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@e-2dj6wfkookczgbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@e-2dj6wfliald5gcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@e-2dj6wfmykhdpcap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@e-2dj6wgkikidzsgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@e-2dj6wglykidpedo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@e-2dj6wgmyaidzkcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@e-2dj6wjk4ajazclq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@e-2dj6wjk4ugdjklq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@e-2dj6wjk4ujazwlq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@e-2dj6wjk4umczolq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@e-2dj6wjkowocjsko.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@e-2dj6wjkykpcpglp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@e-2dj6wjl4ehdzceo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@e-2dj6wjl4gkcjkkq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@e-2dj6wjliejajiep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@e-2dj6wjloajc5kdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@e-2dj6wjloomd5ehp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@e-2dj6wjlyandpsbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@e-2dj6wjlyepc5gfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@e-2dj6wjmychajagq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@e-2dj6wjmygmazeho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@e-2dj6wjnycnd5slq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@e-2dj6wjnyopc5mgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@gmditech.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@ivwbox[2].txt -> TrackingCookie.Ivwbox : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@planetfungames.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@sec1.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@tgn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@trafic[1].txt -> TrackingCookie.Trafic : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@wholesalemarketer.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    	C:\Documents and Settings\Jonas187\Cookies\jonas187@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    	C:\Documents and Settings\Jonas187\My Documents\forte_agent_keygen.exe -> Dropper.Small.aod : Cleaned with backup
    	C:\Documents and Settings\Jonas187\My Documents\My Downloads\odbg110\hackpack.zip/GC.v2.1.exe -> Backdoor.Hupigon.hk : Cleaned with backup
    	C:\Documents and Settings\Jonas187\My Documents\Release\GhostXDCS.exe -> Trojan.Mygot : Cleaned with backup
    	C:\Documents and Settings\Jonas187\My Documents\Release.rar/GhostXDCS.exe -> Trojan.Mygot : Cleaned with backup
    	C:\Documents and Settings\Jonas187\My Documents\UBot v2\Ubot.dll -> Backdoor.Agent.xn : Cleaned with backup
    	C:\Documents and Settings\Jonas187\My Documents\UBot v2\Ubot.exe -> Backdoor.Agent.xn : Cleaned with backup
    	C:\Documents and Settings\Jonas187\My Documents\UBot v2.rar/Ubot.exe -> Backdoor.Agent.xn : Cleaned with backup
    	C:\Documents and Settings\Jonas187\My Documents\UBot v2.rar/Ubot.dll -> Backdoor.Agent.xn : Cleaned with backup
    	C:\Documents and Settings\Jonas187\My Documents\UBot%20v2[1]\Ubot.dll -> Backdoor.Agent.xn : Cleaned with backup
    	C:\Documents and Settings\Jonas187\My Documents\UBot%20v2[1]\Ubot.exe -> Backdoor.Agent.xn : Cleaned with backup
    	C:\Documents and Settings\Jonas187\My Documents\UBot%20v2[1].rar/Ubot.dll -> Backdoor.Agent.xn : Cleaned with backup
    	C:\Documents and Settings\Jonas187\My Documents\UBot%20v2[1].rar/Ubot.exe -> Backdoor.Agent.xn : Cleaned with backup
    	C:\Program Files\Internet Explorer\PLUGINS\webcheck.dll -> Backdoor.IRCBot.oe : Cleaned with backup
    	C:\Program Files\winsupdater\a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
    	C:\WINDOWS\l.dll -> Backdoor.IRCBot.oe : Cleaned with backup
    	C:\WINDOWS\system32\drvxdec_040c.dll -> Adware.Look2Me : Cleaned with backup
    	C:\WINDOWS\system32\dtserver.dll -> Adware.Look2Me : Cleaned with backup
    	C:\WINDOWS\system32\k6jslg1716.dll -> Adware.Look2Me : Cleaned with backup
    	C:\WINDOWS\system32\kt6ul7j91.dll -> Adware.Look2Me : Cleaned with backup
    	C:\WINDOWS\system32\mhwebdvd.dll -> Adware.Look2Me : Cleaned with backup
    	C:\WINDOWS\system32\mkwsock.dll -> Adware.Look2Me : Cleaned with backup
    	C:\WINDOWS\system32\ogeaccrc.dll -> Adware.Look2Me : Cleaned with backup
    	C:\WINDOWS\system32\p04u0ah9ed4.dll -> Adware.Look2Me : Cleaned with backup
    	C:\WINDOWS\system32\sxmpapi.dll -> Adware.Look2Me : Cleaned with backup
    
    
    ::Report End

  10. #10
    VopThis is offline Senior Member (Canada)
    POST A REVISED HIJACKTHIS LOG for review:
    Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.
