Help with trojan and nvctrl.exe [RESOLVED]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

2 Pages

1 2 >

Help with trojan and nvctrl.exe [RESOLVED]

Options

Rummbler View Member Profile	Mar 28 2006, 08:13 AM Post #1
Member Posts: 12 From: Leeuwarden, The Netherlands OS: Windows XP	Hi all, Since last Sunday I am being bothered by nvctrl.exe and/or SpywareQuake. I run Avast! Anti-Virus in the background all the time and Perfect Process Shield. I didn't stop the spyware from rumbling up the place. Anyway, as always, I tried to solve it first on my own. I downloaded Spyware Nuker NT and that program now has about 30 malware files in the 'excluded chamber'. Can't remove them via the program itself, I have to pay for that, and I won't. Also Prevx1 is monitoring in the background, but a couple times already it couldn't load up after a reboot, prob because of the malware. What I have done to try and resolve: I ran smitRem in safe mode and it gave this log: Microsoft Windows XP [Version 5.1.2600] The current date is: di 28-03-2006 The current time is: 13:59:44,54 Running from C:\Documents and Settings\Rummbler\Desktop\smitRem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Pre-run SharedTask Export (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler) Copyright© 2006 BleepingComputer.com Registry Pseudo-Format Mode (Not a valid reg file): [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32] @="%SystemRoot%\System32\browseui.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32] @="%SystemRoot%\System32\browseui.dll" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ checking for ShudderLTD key ShudderLTD key not present! checking for PSGuard.com key PSGuard.com key not present! checking for WinHound.com key WinHound.com key not present! spyaxe uninstaller NOT present Winhound uninstaller NOT present SpywareStrike uninstaller NOT present ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Existing Pre-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ Online Security Guide.url Security Troubleshooting.url ~~~ Favorites ~~~ ~~~ system32 folder ~~~ 1024 dir ld***.tmp ncompat.tlb ~~~ Icons in System32 ~~~ ts.ico ot.ico ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 752 'explorer.exe' Starting registry repairs Registry repairs complete ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SharedTask Export after registry fix (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler) Copyright© 2006 BleepingComputer.com Registry Pseudo-Format Mode (Not a valid reg file): [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32] @="%SystemRoot%\System32\browseui.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32] @="%SystemRoot%\System32\browseui.dll" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Deleting files ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Remaining Post-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~ Wininet.dll ~~~ CLEAN! After that I opened Ad Aware and it found and removed 2 or 3 file, not more. Then I ran an Ewido scan: ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 14:41:56, 28-3-2006 + Report-Checksum: ADB7668B + Scan result: C:\Documents and Settings\Rummbler\Cookies\rummbler@com[1].txt -> TrackingCookie.Com : Cleaned with backup ::Report End The I went to Control Panel > Display > Desktop > Customize Desktop > Web > but "Security Info" was not present, so I could not uncheck it. I rebooted back into Windows and did the Panda scan: Incident Status Location Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Rummbler\Cookies\rummbler@stat.onestat[2].txt Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Rummbler\Desktop\smitRem\Process.exe Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Rummbler\Desktop\smitRem.exe[Process.exe] After that I scanned with WinPFind in safe-mode: WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding. If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly. ЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛ Windows OS and Versions ЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛ Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600 Internet Explorer Version: 6.0.2900.2180 ЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛ Checking Selected Standard Folders ЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛ Checking %SystemDrive% folder... Checking %ProgramFilesDir% folder... Checking %WinDir% folder... Umonitor 26-3-2006 16:11:02 91171 C:\WINDOWS\pxinstall_log.txt Checking %System% folder... UPX! 28-1-2006 0:38:10 503296 C:\WINDOWS\SYSTEM32\aswBoot.exe aspack 18-3-2005 17:19:58 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll aspack 26-5-2005 16:34:52 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll PEC2 23-8-2001 14:00:00 41397 C:\WINDOWS\SYSTEM32\dfrg.msc PTech 12-7-2005 17:50:44 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL PECompact2 9-6-2005 23:14:14 1292120 C:\WINDOWS\SYSTEM32\MRT.exe aspack 9-6-2005 23:14:14 1292120 C:\WINDOWS\SYSTEM32\MRT.exe aspack 4-8-2004 9:56:36 708096 C:\WINDOWS\SYSTEM32\ntdll.dll Umonitor 4-8-2004 9:56:44 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll winsync 23-8-2001 14:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu Checking %System%\Drivers folder and sub-folders... PTech 4-8-2004 7:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts Checking the Windows folder and sub-folders for system and hidden files within the last 60 days... 28-3-2006 15:39:08 S 2048 C:\WINDOWS\bootstat.dat 28-3-2006 14:49:16 H 0 C:\WINDOWS\LastGood\INF\oem77.inf 28-3-2006 14:49:16 H 0 C:\WINDOWS\LastGood\INF\oem77.PNF 28-3-2006 15:39:02 H 8192 C:\WINDOWS\system32\config\default.LOG 22-3-2006 16:14:24 H 0 C:\WINDOWS\system32\config\default_TU_51914.LOG 28-3-2006 15:39:14 H 1024 C:\WINDOWS\system32\config\SAM.LOG 22-3-2006 16:14:24 H 0 C:\WINDOWS\system32\config\SAM_TU_87499.LOG 28-3-2006 15:39:08 H 8192 C:\WINDOWS\system32\config\SECURITY.LOG 22-3-2006 16:14:24 H 0 C:\WINDOWS\system32\config\SECURITY_TU_21882.LOG 28-3-2006 15:40:00 H 81920 C:\WINDOWS\system32\config\software.LOG 22-3-2006 16:14:24 H 0 C:\WINDOWS\system32\config\software_TU_70985.LOG 28-3-2006 15:38:28 H 1024 C:\WINDOWS\system32\config\system.LOG 22-3-2006 16:14:24 H 0 C:\WINDOWS\system32\config\system_TU_22860.LOG 18-2-2006 18:08:00 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG 23-2-2006 0:08:16 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\14056a24-d5f9-4eb8-a77c-cd16c328d56f 23-2-2006 0:08:16 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred 28-3-2006 15:38:06 H 6 C:\WINDOWS\Tasks\SA.DAT 27-3-2006 22:15:42 HS 18944 C:\WINDOWS\Web\Wallpaper\Thumbs.db Checking for CPL files... Microsoft Corporation 4-8-2004 9:56:58 68608 C:\WINDOWS\SYSTEM32\access.cpl Realtek Semiconductor Corp. 26-7-2005 10:16:00 18751488 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL Microsoft Corporation 4-8-2004 9:56:58 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl Microsoft Corporation 4-8-2004 9:56:58 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl Microsoft Corporation 4-8-2004 9:56:58 135168 C:\WINDOWS\SYSTEM32\desk.cpl Microsoft Corporation 4-8-2004 9:56:58 80384 C:\WINDOWS\SYSTEM32\firewall.cpl Microsoft Corporation 4-8-2004 9:56:58 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl Microsoft Corporation 4-8-2004 9:56:58 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl Microsoft Corporation 4-8-2004 9:56:58 129536 C:\WINDOWS\SYSTEM32\intl.cpl Microsoft Corporation 4-8-2004 9:56:58 380416 C:\WINDOWS\SYSTEM32\irprops.cpl Microsoft Corporation 4-8-2004 9:56:58 68608 C:\WINDOWS\SYSTEM32\joy.cpl Sun Microsystems, Inc. 10-11-2005 14:03:50 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl Microsoft Corporation 23-8-2001 14:00:00 187904 C:\WINDOWS\SYSTEM32\main.cpl Microsoft Corporation 4-8-2004 9:56:58 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl Microsoft Corporation 23-8-2001 14:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl Microsoft Corporation 4-8-2004 9:56:58 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl Microsoft Corporation 4-8-2004 9:56:58 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl NVIDIA Corporation 12-5-2005 0:34:00 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl Microsoft Corporation 23-8-2001 14:00:00 36864 C:\WINDOWS\SYSTEM32\nwc.cpl Microsoft Corporation 4-8-2004 9:56:58 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl Microsoft Corporation 4-8-2004 9:56:58 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl Microsoft Corporation 4-8-2004 9:56:58 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl Microsoft Corporation 23-8-2001 14:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl Microsoft Corporation 4-8-2004 9:56:58 94208 C:\WINDOWS\SYSTEM32\timedate.cpl Microsoft Corporation 4-8-2004 9:56:58 148480 C:\WINDOWS\SYSTEM32\wscui.cpl Microsoft Corporation 26-5-2005 4:16:30 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl Microsoft Corporation 4-8-2004 9:56:58 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl Microsoft Corporation 23-8-2001 14:00:00 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl Microsoft Corporation 23-8-2001 14:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl Microsoft Corporation 4-8-2004 9:56:58 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl Microsoft Corporation 23-8-2001 14:00:00 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl Microsoft Corporation 23-8-2001 14:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl Microsoft Corporation 4-8-2004 9:56:58 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl Microsoft Corporation 26-5-2005 4:16:30 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl Socket Communications Inc. 18-4-2005 5:58:00 R 73728 C:\WINDOWS\SYSTEM32\drivers\SCBaud.cpl Realtek Semiconductor Corp. 26-7-2005 10:16:00 18751488 C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\ALSNDMGR.CPL ЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛ Checking Selected Startup Folders ЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛ Checking files in %ALLUSERSPROFILE%\Startup folder... 21-3-2006 20:14:36 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk 27-11-2004 17:53:22 HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini Checking files in %ALLUSERSPROFILE%\Application Data folder... 28-11-2004 0:52:06 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini 9-7-2005 13:41:38 387 C:\Documents and Settings\All Users\Application Data\hpzinstall.log Checking files in %USERPROFILE%\Startup folder... 27-11-2004 17:53:22 HS 84 C:\Documents and Settings\Rummbler\Start Menu\Programs\Startup\desktop.ini Checking files in %USERPROFILE%\Application Data folder... 28-11-2004 0:52:06 HS 62 C:\Documents and Settings\Rummbler\Application Data\desktop.ini ЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛ Checking Selected Registry Keys ЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] SV1 = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CLASSES_ROOT\\shellex\ContextMenuHandlers] HKEY_CLASSES_ROOT\\shellex\ContextMenuHandlers\avast {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll HKEY_CLASSES_ROOT\\shellex\ContextMenuHandlers\ewido {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll HKEY_CLASSES_ROOT\\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_CLASSES_ROOT\\shellex\ContextMenuHandlers\Open With {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\\shellex\ContextMenuHandlers\Open With EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\\shellex\ContextMenuHandlers\SolidConverterPDF {259F616C-A300-44F5-B04A-ED001A26C85C} = C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll HKEY_CLASSES_ROOT\\shellex\ContextMenuHandlers\TuneUp Shredder {00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = "C:\Program Files\TuneUp Utilities 2006\sdshelex.dll" HKEY_CLASSES_ROOT\\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll HKEY_CLASSES_ROOT\\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} Start Menu Pin = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\avast {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SolidConverterPDF {259F616C-A300-44F5-B04A-ED001A26C85C} = C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TuneUp Shredder {00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = "C:\Program Files\TuneUp Utilities 2006\sdshelex.dll" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882} = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627} = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F} = C:\PROGRA~1\SPYBOT~1\SDHelper.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376} &Tip of the Day = %SystemRoot%\System32\shdocvw.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] {62999427-33FC-4baf-9C9C-BCE6BD127F08} = : {259F616C-A300-44F5-B04A-ED001A26C85C} = Solid Converter PDF : C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} ButtonText = Spyware Doctor : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263} ButtonText = Onderzoek : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683} ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{21569614-B795-46B1-85F4-E737A8DC09AD} Shell Search Band = %SystemRoot%\system32\browseui.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38} Search Band = %SystemRoot%\System32\browseui.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E} Favorites Band = %SystemRoot%\System32\shdocvw.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} History Band = %SystemRoot%\System32\shdocvw.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} Explorer Band = %SystemRoot%\System32\shdocvw.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{FF059E31-CC5A-4E2E-BF3B-96E929D65503} &Onderzoek = C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll {2318C2B1-4965-11D4-9B18-009027A5CD4F} = : {EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] MessengerPlus3 "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup nwiz nwiz.exe /install NvMediaCenter RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit BluetoothAuthenticationAgent rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent SoundMan SOUNDMAN.EXE avast! C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe {0228e555-4f9c-4e35-a3ec-b109a192b4c2} C:\Program Files\Google\Gmail Notifier\gnotify.exe Perfect Process shield C:\Program Files\Perfect Process\ppshield.exe PrevxOne C:\Program Files\Prevx1\PXConsole.exe SWN2 C:\Program Files\Spyware Nuker\swnxt.exe /h [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] IMAIL Installed = 1 MAPI Installed = 1 MSFS Installed = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] TuneUp MemOptimizer "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state system.ini 0 win.ini 0 bootini 0 services 0 startup 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer NoActiveDesktopChanges 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = {0DF44EAA-FF21-4412-828E-260A8728E7F1} = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system dontdisplaylastusername 0 legalnoticecaption legalnoticetext shutdownwithoutlogon 1 undockwithoutlogon 1 DisableTaskMgr 0 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop NoChangingWallPaper 0 NoAddingComponents 0 NoComponents 0 NoDeletingComponents 0 NoEditingComponents 0 NoCloseDragDropBands 0 NoMovingBands 0 NoHTMLWallPaper 0 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer NoDriveTypeAutoRun 0 NoActiveDesktop 0 NoSaveSettings 0 ClassicShell 0 NoThemesTab 0 ForceActiveDesktopOn 0 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System DisableTaskMgr 0 NoDispAppearancePage 0 NoColorChoice 0 NoSizeChoice 0 NoDispBackgroundPage 0 NoDispScrSavPage 0 NoDispCPL 0 NoVisualStyleChoice 0 NoDispSettingsPage 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, Shell = Explorer.exe System = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain = crypt32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet = cryptnet.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll = cscdll.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy = sclgntfy.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn = WlNotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon = wlnotify.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path Debugger = ntsd -d [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] AppInit_DLLs ЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛ Scan Complete ЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛЛ WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder. Scan completed on 28-3-2006 15:44:48 Rebooted back in normal mode and did Track qoo.vbs: REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MessengerPlus3"="\"C:\\Program Files\\Messenger Plus! 3\\MsgPlus.exe\"" "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /install" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" "BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" "SoundMan"="SOUNDMAN.EXE" "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe" "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe" "Perfect Process shield"="C:\\Program Files\\Perfect Process\\ppshield.exe" "PrevxOne"="C:\\Program Files\\Prevx1\\PXConsole.exe" "SWN2"="C:\\Program Files\\Spyware Nuker\\swnxt.exe /h" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] "Installed"="1" ----------------- HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers Subkey --- avast {472083B0-C522-11CF-8763-00608CC02F24} C:\Program Files\Alwil Software\Avast4\ashShell.dll Subkey --- ewido {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} C:\Program Files\ewido\security suite\context.dll Subkey --- Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} C:\WINDOWS\System32\cscui.dll Subkey --- Open With {09799AFB-AD67-11d1-ABCD-00C04FC30936} C:\WINDOWS\system32\SHELL32.dll Subkey --- Open With EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} C:\WINDOWS\system32\SHELL32.dll Subkey --- SolidConverterPDF {259F616C-A300-44F5-B04A-ED001A26C85C} C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll Subkey --- TuneUp Shredder {00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} "C:\Program Files\TuneUp Utilities 2006\sdshelex.dll" Subkey --- WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} C:\Program Files\WinRAR\rarext.dll Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8} Start Menu Pin C:\WINDOWS\system32\SHELL32.dll Subkey --- {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll ===================== HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871} C:\WINDOWS\system32\SHELL32.dll Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF} C:\WINDOWS\system32\SHELL32.dll Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF} C:\WINDOWS\system32\SHELL32.dll Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE} C:\WINDOWS\system32\SHELL32.dll Subkey --- {7D4D6379-F301-4311-BEBA-E26EB0561882} C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll Subkey --- {F9DB5320-233E-11D1-9F84-707F02C10627} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll ============================== C:\Documents and Settings\All Users\Start Menu\Programs\Startup Adobe Reader Speed Launch.lnk desktop.ini ============================== C:\Documents and Settings\Rummbler\Start Menu\Programs\Startup Adobe Reader Speed Launch.lnk desktop.ini desktop.ini ============================== C:\WINDOWS\system32 cpl files access.cpl Microsoft Corporation ALSNDMGR.CPL Realtek Semiconductor Corp. appwiz.cpl Microsoft Corporation bthprops.cpl Microsoft Corporation desk.cpl Microsoft Corporation firewall.cpl Microsoft Corporation hdwwiz.cpl Microsoft Corporation inetcpl.cpl Microsoft Corporation intl.cpl Microsoft Corporation irprops.cpl Microsoft Corporation joy.cpl Microsoft Corporation jpicpl32.cpl Sun Microsystems, Inc. main.cpl Microsoft Corporation mmsys.cpl Microsoft Corporation ncpa.cpl Microsoft Corporation netsetup.cpl Microsoft Corporation nusrmgr.cpl Microsoft Corporation nvtuicpl.cpl NVIDIA Corporation nwc.cpl Microsoft Corporation odbccp32.cpl Microsoft Corporation powercfg.cpl Microsoft Corporation sysdm.cpl Microsoft Corporation telephon.cpl Microsoft Corporation timedate.cpl Microsoft Corporation wscui.cpl Microsoft Corporation wuaucpl.cpl Microsoft Corporation Last but not least I did an Hijack Scan: Logfile of HijackThis v1.99.1 Scan saved at 16:10:28, on 28-3-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\Perfect Process\ppshield.exe C:\Program Files\Prevx1\PXConsole.exe C:\Program Files\Spyware Nuker\swnxt.exe C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Prevx1\PXAgent.exe C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe C:\WINDOWS\system32\spupdsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\spnpinst.exe C:\WINDOWS\system32\Sysocmgr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\uWDF.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\DAP\DAP.EXE C:\Documents and Settings\Rummbler\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geenstijl.nl/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file) O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [Perfect Process shield] C:\Program Files\Perfect Process\ppshield.exe O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU) O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1101572226390 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O18 - Protocol: bw+0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {

Rummbler View Member Profile	Mar 28 2006, 08:16 AM Post #2
Member Posts: 12 From: Leeuwarden, The Netherlands OS: Windows XP	Appearantly my post was too long Here's the Hijack file again: Logfile of HijackThis v1.99.1 Scan saved at 16:10:28, on 28-3-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\Perfect Process\ppshield.exe C:\Program Files\Prevx1\PXConsole.exe C:\Program Files\Spyware Nuker\swnxt.exe C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Prevx1\PXAgent.exe C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe C:\WINDOWS\system32\spupdsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\spnpinst.exe C:\WINDOWS\system32\Sysocmgr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\uWDF.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\DAP\DAP.EXE C:\Documents and Settings\Rummbler\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geenstijl.nl/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file) O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [Perfect Process shield] C:\Program Files\Perfect Process\ppshield.exe O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU) O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1101572226390 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O18 - Protocol: bw+0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: offline-8876480 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing) O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe Are there still suspicous things to be sorted?

Rummbler

Mar 28 2006, 08:31 AM

Post #3

Member

Posts: 12
From: Leeuwarden, The Netherlands
OS: Windows XP

Included an screenshot of Spyware Nuker Exclude Section. Should I manually delete the files?

Attached thumbnail(s)

Toscane View Member Profile	Mar 31 2006, 08:50 AM Post #4
Visiting Staff Posts: 38 OS: XP pro	Welcome to G2G, * Download Roguescanfix from here: Roguescanfix (English version) Unzip it to your desktop. Doubleclick roguescanfix.exe Click the 'install' button. This will create a new folder on your desktop called Roguescanfix. Open that folder and doubleclick: Run.bat Note: This tool needs internet connection because it downloads an additional file to let the tool work properly. If your firewall gives an alert, allow it instead of blocking it. In case you still get the message BFU.exe is not present, download BFU.zip from here. Unzip it and place BFU.exe in the Roguescanfix-folder. Then doubleclick Run.bat again. Make sure all IE windows are closed. Execute the script by clicking the Execute button. The tool will uninstall some programs and delete related files and registrykeys. When some files won't get deleted, it will ask you to reboot your system to delete the files after reboot. Please make sure the uninstall of the programs are finished before you click Yes to reboot. I see you are using DAP. This program is an optional to delete because of the spyware. Alternative Downloadmanagers Please show a new HJT log and tell me if there are still problems. This post has been edited by Toscane: Mar 31 2006, 08:53 AM

Rummbler View Member Profile	Mar 31 2006, 09:39 AM Post #5
Member Posts: 12 From: Leeuwarden, The Netherlands OS: Windows XP	I did the Rogue scanfix as you suggested. It didn't uninstall any programs nor did it ask me to reboot the pc. I rebooted nonetheless. After that my system crashed and I had to reboot again. This is the log of Rogue scanfix: BFU v1.00.9 Windows XP SP2 (WinNT 5.01.2600 SP2) Script started at 17:29:06, on 31-3-2006 Option pause between commands: 100 ms Failed: FileDelete C:\Documents and Settings\Rummbler\Application Data\Microsoft\Internet Explorer\QuickLaunch\SpyFalcon. (operation failed) Failed: FileDelete C:\Documents and Settings\Rummbler\Application Data\Microsoft\Internet Explorer\QuickLaunch\SpywareQuake. (operation failed) Failed: FolderDelete C:\Program Files\spyfalcon (folder not found) Failed: FolderDelete C:\Documents and Settings\Rummbler\Start Menu\Programs\SpyFalcon (folder not found) Failed: FolderDelete C:\Documents and Settings\Rummbler\Start Menu\Programs\SpywareQuake (folder not found) Failed: FolderDelete C:\Program Files\SpywareQuake (folder not found) Failed: FolderDelete C:\WINDOWS\system32\1024 (folder not found) Script completed. Then I did an HJ scan: Logfile of HijackThis v1.99.1 Scan saved at 17:32:35, on 31-3-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\Perfect Process\ppshield.exe C:\Program Files\Spyware Nuker\swnxt.exe C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Prevx1\PXAgent.exe C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe C:\WINDOWS\system32\spupdsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\spnpinst.exe C:\WINDOWS\system32\Sysocmgr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\Documents and Settings\Rummbler\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geenstijl.nl/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file) O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [Perfect Process shield] C:\Program Files\Perfect Process\ppshield.exe O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU) O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1101572226390 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O18 - Protocol: bw+0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: offline-8876480 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing) O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Toscane View Member Profile	Mar 31 2006, 10:13 AM Post #6
Visiting Staff Posts: 38 OS: XP pro	I guess your antispyware protection was the cause of the fix failed: We need to disable SpywareGuard as it may interfere with the fixes that we need to make. Right click the running icon of Spywareguard, it will open the program. Then go to Menu, file, exit. Then confirm the program is closed. RunRoguescanfix again according to the former advise. Reboot the computer. After the fix is complete it is very important that you enable Real-time Protection again. Please go to: start-->run and type this in: notepad click OK Open notepad Copy and past below bold text in the window regedit /e running.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" Now double click on regfix.bat and A file named running.txt now appears on your desktop Dubbelclick this file running.txt Notepad will open. Select all (ctr+A), copy and past it in your next post.

Rummbler View Member Profile	Mar 31 2006, 10:17 AM Post #7
Member Posts: 12 From: Leeuwarden, The Netherlands OS: Windows XP	Spyware Nuker XT is also running in the background. Should I disable/de-install this aswell? It holds quite a few malware files in it's quarantaine box (check my screenshot in my 3rd post), which can't be found manually because of it. This post has been edited by Rummbler: Mar 31 2006, 10:17 AM

Rummbler View Member Profile	Mar 31 2006, 10:59 AM Post #8
Member Posts: 12 From: Leeuwarden, The Netherlands OS: Windows XP	Did Rogue scanfix with, and without Spyware Nuker (de-installed it). Both times no programs were deleted nor did it ask me anything. The log: BFU v1.00.9 Windows XP SP2 (WinNT 5.01.2600 SP2) Script started at 18:56:42, on 31-3-2006 Option pause between commands: 100 ms Failed: FileDelete C:\Documents and Settings\Rummbler\Application Data\Microsoft\Internet Explorer\QuickLaunch\SpyFalcon. (operation failed) Failed: FileDelete C:\Documents and Settings\Rummbler\Application Data\Microsoft\Internet Explorer\QuickLaunch\SpywareQuake. (operation failed) Failed: FolderDelete C:\Program Files\spyfalcon (folder not found) Failed: FolderDelete C:\Documents and Settings\Rummbler\Start Menu\Programs\SpyFalcon (folder not found) Failed: FolderDelete C:\Documents and Settings\Rummbler\Start Menu\Programs\SpywareQuake (folder not found) Failed: FolderDelete C:\Program Files\SpywareQuake (folder not found) Failed: FolderDelete C:\WINDOWS\system32\1024 (folder not found) Script completed. And where do I find regfix.bat? It doesn't show anywhere.

Toscane View Member Profile	Mar 31 2006, 11:16 AM Post #9
Visiting Staff Posts: 38 OS: XP pro	Sorry, something went wrong during translation of my usual canned: Please go to: start-->run and type this in: notepad click OK Open notepad Copy and past below bold text in the window regedit /e running.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" Save this file as: lookrunnings.bat at your desktop. Make sure you choose to save as *all files Now double click on lookrunnings.bat and A file named running.txt now appears on your desktop Dubbelclick this file running.txt Notepad will open. Select all (ctr+A), copy and past it in your next post.

Rummbler View Member Profile	Mar 31 2006, 11:28 AM Post #10
Member Posts: 12 From: Leeuwarden, The Netherlands OS: Windows XP	Here you go m8: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MessengerPlus3"="\"C:\\Program Files\\Messenger Plus! 3\\MsgPlus.exe\"" "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /install" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" "BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" "SoundMan"="SOUNDMAN.EXE" "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe" "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe" "Perfect Process shield"="C:\\Program Files\\Perfect Process\\ppshield.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] "Installed"="1"

Toscane View Member Profile	Mar 31 2006, 01:51 PM Post #11
Visiting Staff Posts: 38 OS: XP pro	Looks fine Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file) Click on Fix Checked when finished and exit HijackThis. Please empty the quarantaine box of Spyware Nuker. To clean temporary files: Go > start > run and type cleanmgr and click OK Scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files and Recycle Bin are the only things checked. Click OK to remove those files. Click Yes to confirm deletion. C:\Windows\Prefetch\ >>> delete the contents (NOT THE FOLDER) The computer may start up a little slow a couple of times, but that will pass. You should delete the contents of the prefetch folder not to often. How many antivirusprograms are you running? If NOD32 does not belong to Hitmanpro I see three scanners. Do you realize that it is absolutely* advisable to use 1 antivirusprogram?* This post has been edited by Toscane: Mar 31 2006, 01:52 PM

Rummbler View Member Profile	Apr 1 2006, 02:40 AM Post #12
Member Posts: 12 From: Leeuwarden, The Netherlands OS: Windows XP	All done! The (virus)programs running in the background are: Avast! Perfect Process Shield SpywareGuard I did download Sophos once, but cancelled that install, so I only have Avast! actively running on the background. Maybe the other programs are remains of HitmanPro? This post has been edited by Rummbler: Apr 1 2006, 02:40 AM

Toscane View Member Profile	Apr 1 2006, 06:08 AM Post #13
Visiting Staff Posts: 38 OS: XP pro	Well, you have to uninstall those other antivirusprograms for they still are active. Uninstall via > control panel > software. Afterwards reboot the computer and please post back with a new HijackThis log.

Rummbler View Member Profile	Apr 1 2006, 07:36 AM Post #14
Member Posts: 12 From: Leeuwarden, The Netherlands OS: Windows XP	Done, and here you go! Logfile of HijackThis v1.99.1 Scan saved at 15:35:03, on 1-4-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\Perfect Process\ppshield.exe C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe C:\WINDOWS\system32\spupdsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\spnpinst.exe C:\WINDOWS\system32\Sysocmgr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe C:\Documents and Settings\Rummbler\Desktop\HijackThis.exe C:\Program Files\Alwil Software\Avast4\setup\avast.setup R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geenstijl.nl/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [Perfect Process shield] C:\Program Files\Perfect Process\ppshield.exe O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU) O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1101572226390 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O18 - Protocol: bw+0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: offline-8876480 - {93B2D63B-664B-4B88-BE74-F870B33E090F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe O23 - Service: Sophos Anti-Virus Network (SweepNet) - Unknown owner - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE (file missing) O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Unknown owner - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS (file missing) O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Toscane View Member Profile	Apr 1 2006, 02:11 PM Post #15
Visiting Staff Posts: 38 OS: XP pro	Clean up your systemrestore: For XP: Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected) 1. Turn off System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. Check Turn off System Restore. Click Apply, and then click OK. 2. Reboot. 3. Turn ON System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. UN-Check Turn off System Restore. Click Apply, and then click OK.

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

2 Pages

1 2 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Complete Noob needs help with SpyAxe and mssearch.exe [RESOLVED]	10 / 899	31st December 2005 - 10:33 PM ash_j started - last by loophole
Virus, Spyware and Trojan Removal Help with spyquake and internet hijack [RESOLVED]	11 / 665	1st April 2006 - 07:36 PM joelallen started - last by Trevuren
Virus, Spyware and Trojan Removal Please help with Amaena and NTVDM problem. [RESOLVED]	12 / 1,162	28th April 2006 - 11:40 PM geojf3 started - last by Trevuren
Virus, Spyware and Trojan Removal Need help with Trojan infection possibly LooktoMe [RESOLVED]	12 / 608	25th May 2006 - 09:50 PM terryinobidos started - last by RiP