Will donate for good fast help...ADW_VALUEAD.A among others...


  • This topic is locked

#1
tkersey
  • Member
  • 15 posts
I have followed the Click Here before posting the Hijack This Log. I am ready to get my computer back to how it used to be with your help and I don't expect you to work for free. Please respond soon, just tell me what to do next and I'll be eternally grateful.

Cheers!
  • 0


#2
logreeval
  • Visiting Staff
  • Member
  • 1,230 posts
Hello tkersey and welcome to GeeksToGo!

I am logreeval and will be helping you clean your computer :whistling:

I need to see a hijackthis log..

  • Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
==========

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

==========

Next Reply:
1) HijackThis log
2) Uninstall list

logreeval
  • 0

#3
tkersey
  • Topic Starter
  • Member
  • 15 posts
Here we go...


Logfile of HijackThis v1.99.1
Scan saved at 8:55:33 AM, on 01/12/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ltmsg.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.excite.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r4.attbi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.r4.attbi.com;<local>;localhost
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_1/home.html"); (C:\Documents and Settings\Tedd Kersey\Application Data\Mozilla\Profiles\default\ee6w8j0f.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Tedd Kersey\Application Data\Mozilla\Profiles\default\ee6w8j0f.slt\prefs.js)
O2 - BHO: (no name) - {3EFB347F-B342-2CB3-D377-165509852961} - C:\WINDOWS\System32\yciddjiz.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted IP range: 64.127.104.144
O15 - Trusted IP range: 64.127.104.144 (HKLM)
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (WebProgramManager Class) - http://isupport4.hp....SWebManager.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.c...yer5.2AxWin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: bw+0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: System - {3CDB3C0B-20F3-4925-8526-5954A60ECAC7} - C:\WINDOWS\system32\system32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
  • 0
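
Added example, not part of the original thread: a small Python parser for the `code - detail` line format of the log above. It lists entries marked "(file missing)", merges the O15 Trusted Zone entries across HKCU and HKLM, and counts O18 protocol handlers per DLL. The sample lines are excerpted from that log, the function names are illustrative, and the output is a list of entries to review rather than a list of entries to fix.

```python
import re
from collections import Counter

# HijackThis 1.99.1 entry lines look like "<code> - <detail>", e.g. "O2 - BHO: ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RNFO]\d{1,2}) - (?P<detail>.+)$")

MISSING = "(file missing)"
HKLM_SUFFIX = " (HKLM)"

# A few lines excerpted from the log in this thread (not the full log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {3EFB347F-B342-2CB3-D377-165509852961} - C:\WINDOWS\System32\yciddjiz.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted IP range: 64.127.104.144
O18 - Protocol: bw+0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: System - {3CDB3C0B-20F3-4925-8526-5954A60ECAC7} - C:\WINDOWS\system32\system32.dll (file missing)
"""


def parse_log(text):
    """Return (code, detail) tuples for every entry line in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("detail")))
    return entries


def file_missing(entries):
    """Entries whose target file HijackThis could not find on disk."""
    return [(code, detail) for code, detail in entries if detail.endswith(MISSING)]


def trusted_sites(entries):
    """Unique O15 Trusted Zone sites and IP ranges, HKCU and HKLM merged."""
    sites = set()
    for code, detail in entries:
        if code != "O15" or ": " not in detail:
            continue
        value = detail.split(": ", 1)[1]
        if value.endswith(HKLM_SUFFIX):
            value = value[: -len(HKLM_SUFFIX)]
        sites.add(value)
    return sorted(sites)


def protocol_handlers_by_file(entries):
    """Count O18 protocol handlers per DLL, so one DLL's many schemes read as one item."""
    counts = Counter()
    for code, detail in entries:
        if code != "O18":
            continue
        parts = detail.split(" - ", 2)  # "Protocol: name", "{CLSID}", path
        if len(parts) != 3:
            continue
        path = parts[2]
        if path.endswith(MISSING):
            path = path[: -len(MISSING)].rstrip()
        counts[path.strip('"')] += 1
    return counts


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print("Entries with a missing file:")
    for code, detail in file_missing(entries):
        print(f"  {code} - {detail}")
    print("Trusted Zone sites and IP ranges:")
    for site in trusted_sites(entries):
        print(f"  {site}")
    print("O18 protocol handlers per DLL:")
    for path, count in protocol_handlers_by_file(entries).most_common():
        print(f"  {count:3d}  {path}")
```
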

#4
tkersey
  • Topic Starter
  • Member
  • 15 posts
The Un-install list...

3Com NIC Diagnostics
Active Disk
Ad-aware 6 Personal
Adobe Acrobat 5.0
Adobe After Effects 5.0
Adobe Dimensions 3.0
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe GoLive 5.0
Adobe Illustrator 8.0
Adobe InDesign 1.5
Adobe LiveMotion
Adobe Photoshop 6.0
Adobe Premiere 6.0
Adobe Reader 6.0
Adobe Type Manager Deluxe 4.1
Advanced RealMedia Export Plug-in for Premiere 6.0
AVG Anti-Spyware 7.5
Cleaner 5 EZ
Core FTP Lite 1.2f
Dell Picture Studio - Image Expert 2000
Dell Solution Center
DellTouch
Director 8 Shockwave Studio
EA.com Update
Easy CD Creator 5 Basic
GameSpy Arcade
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
hp instant support
hp officejet k series
HyperTerminal Private Edition v6.3
Iomega App Services
IomegaWare
Java 2 Runtime Environment Standard Edition v1.3.1_03
Java 2 Runtime Environment, SE v1.4.1_02
Java Web Start
LimeWire
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Logitech Desktop Messenger
Logitech Print Service
Logitech QuickCam Software
Logitech® Camera Driver
Lucent Win Modem
Macromedia Flash 5
Madden NFL 2003
Medal of Honor Allied Assault
Microsoft Data Access Components KB870669
Microsoft Interactive Training
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
Modem Helper
Mozilla Firefox (1.0)
MSN Messenger 7.5
MusicMatch Jukebox
Netscape (7.1)
NHL 2001
NoAdware 2.01
NVIDIA Windows 2000/XP Display Drivers
Panda ActiveScan
PhoneTools
Quicken 2002 Deluxe
QuickTime
RealPlayer Basic
SafeCast Shared Components
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Shockwave Player
Skype 2.0
Sound Blaster Live! Value
Spybot - Search & Destroy 1.3
SSH Secure Shell
Swift 3D Version 2.00
SWiSH v2.0
TaxCut 2004
Trend Micro PC-cillin Internet Security 2005
TurboTax Deluxe 2002
TurboTax Premier Home & Business 2003
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Viewpoint Manager (Remove Only)
Viewpoint Media Player (Remove Only)
ViewSonic Monitor Drivers
WexTech AnswerWorks
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WingMan Software
WinMX
  • 0

#5
JSntgRvr
  • Global Moderator
  • 11,279 posts
Hi, tkersey :whistling:

I am sure logreeval will properly assist you shortly. I will remove your post from the Waiting Room. This room is reserved for threads that have not received an answer for three days or more.

Thanks for understanding. :blink:
  • 0

#6
logreeval
  • Visiting Staff
  • Member
  • 1,230 posts
I am terribly sorry for the delay, it was my birthday weekend, the big 15 :blink:

Back to business :whistling:

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: (no name) - {3EFB347F-B342-2CB3-D377-165509852961} - C:\WINDOWS\System32\yciddjiz.dll (file missing)
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted IP range: 64.127.104.144
O15 - Trusted IP range: 64.127.104.144 (HKLM)
O21 - SSODL: System - {3CDB3C0B-20F3-4925-8526-5954A60ECAC7} - C:\WINDOWS\system32\system32.dll (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.
====================

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems.

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
====================

When done post a fresh HijackThis log please :help:

logreeval
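
A small triage helper for the "check these entries, fix, then post a fresh log" step above, added here as an example; it is not part of logreeval's post or of HijackThis. It parses result lines, attaches review hints (a reason to look, not a verdict), confirms a fix list is gone from a fresh scan, and collapses repeated O18 registrations. Function names are hypothetical; the sample lines are excerpts copied from this thread's logs.

```python
import re
from collections import Counter, namedtuple

Entry = namedtuple("Entry", "code body")

# Result lines look like "O15 - Trusted Zone: *.example.com"; the header and
# the "Running processes" paths do not match and are skipped.
LINE_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# Excerpt of the fix list from post #6 of this thread.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: (no name) - {3EFB347F-B342-2CB3-D377-165509852961} - C:\WINDOWS\System32\yciddjiz.dll (file missing)
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted IP range: 64.127.104.144 (HKLM)
O21 - SSODL: System - {3CDB3C0B-20F3-4925-8526-5954A60ECAC7} - C:\WINDOWS\system32\system32.dll (file missing)
"""

# Excerpt of the fresh log from post #7 of this thread.
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O18 - Protocol: bw+0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""


def parse_log(text):
    """Return the result entries of a HijackThis log as Entry(code, body)."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def review_hints(entries):
    """Pair entries with reasons a human should look at them more closely."""
    hinted = []
    for e in entries:
        reasons = []
        if e.body.endswith("(file missing)"):
            reasons.append("registry entry points at a file that is not on disk")
        if e.code == "O15":
            reasons.append("site or IP range added to the IE Trusted Zone")
        if reasons:
            hinted.append((e, reasons))
    return hinted


def still_present(fix_list, fresh_log):
    """Entries from the fix list that the fresh scan still reports."""
    fresh = set(fresh_log)
    return [e for e in fix_list if e in fresh]


def collapse_by_handler(entries, code="O18"):
    """Count entries of one section per (CLSID, file) so repeats read as one."""
    counts = Counter()
    for e in entries:
        if e.code != code:
            continue
        clsid = CLSID_RE.search(e.body)
        path = e.body.rsplit(" - ", 1)[-1]
        counts[(clsid.group(0) if clsid else None, path)] += 1
    return counts


if __name__ == "__main__":
    fix, fresh = parse_log(FIX_LIST), parse_log(FRESH_LOG)
    print("fix-list entries still present:", still_present(fix, fresh))
    for entry, reasons in review_hints(fresh):
        print("review:", entry.code, entry.body, "->", "; ".join(reasons))
    for (clsid, path), n in collapse_by_handler(fresh).items():
        print(f"O18 x{n}: {clsid} {path}")
```
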

#7
tkersey

    Member

  • Topic Starter
  • 15 posts
Congrats on the birthday Logreeval!

I'm really glad you're back, man. I followed your instructions...here is the latest hijack log....

Logfile of HijackThis v1.99.1
Scan saved at 11:08:20 PM, on 01/15/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ltmsg.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.excite.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r4.attbi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.r4.attbi.com;<local>;localhost
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_1/home.html"); (C:\Documents and Settings\Tedd Kersey\Application Data\Mozilla\Profiles\default\ee6w8j0f.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Tedd Kersey\Application Data\Mozilla\Profiles\default\ee6w8j0f.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (WebProgramManager Class) - http://isupport4.hp....SWebManager.CAB
O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.c...yer5.2AxWin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: bw+0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

#8
logreeval

    Visiting Staff

  • Member
  • 1,230 posts
Looks pretty good :whistling:

thanks again about my birthday

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

===================

Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction Here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy & Paste the entire report in your next reply.
Post back with a fresh HijackThis log and the F-Secure log, also if you are having any problems/how your system is running.

logreeval

#9
tkersey

    Member

  • Topic Starter
  • 15 posts
Scanning Report
Wednesday, January 17, 2007 08:47:49 - 10:09:03

Computer name: D59B8B11
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 5 malware found
Trojan.Win32.Dialer.u (virus)

* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000019.EXE (Renamed & Submitted)

Trojan.Win32.Zapchast.cp (virus)

* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000017.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000018.EXE (Renamed & Submitted)

W32/EliteBar.G.dropper (virus)

* C:\WINDOWS\GX9FZJ83M9.EXE (Submitted)

W32/WebRebates.D.dropper (virus)

* C:\SYSTEM VOLUME INFORMATION\_RESTORE{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000025.EXE (Submitted)

Statistics
Scanned:

* Files: 50039
* System: 4802
* Not scanned: 2

Actions:

* Disinfected: 0
* Renamed: 3
* Deleted: 0
* None: 2
* Submitted: 5

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

Options
Scanning engines:

* F-Secure Libra: 2.4.2, 2007-01-17
* F-Secure AVP: 7.0.171, 2007-01-17
* F-Secure Orion: 1.2.37, 2007-01-17
* F-Secure Blacklight: 1.0.53, 0000-00-00
* F-Secure Draco: 1.0.35, 0260-02-44
* F-Secure Pegasus: 1.19.0, 2007-00-16

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
* Use Advanced heuristics


#10
tkersey

    Member

  • Topic Starter
  • 15 posts
Logreeval,

Followed your instructions (ATF Cleaner, F-Secure Online Scanner, HiJack This Log)

Computer is a dog; start up takes 10 minutes +, S&D Spybot Resident attempts to block Avenue A, DoubleClick and Excite every time Internet Explorer is started, way too much lag time trying to access files, applications (Office, Illustrator, Photoshop, etc) are painfully slow before and after this step of the cleanup process. Can we fix it?



Logfile of HijackThis v1.99.1
Scan saved at 10:19:24 AM, on 01/17/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ltmsg.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.excite.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r4.attbi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.r4.attbi.com;<local>;localhost
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_1/home.html"); (C:\Documents and Settings\Tedd Kersey\Application Data\Mozilla\Profiles\default\ee6w8j0f.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Tedd Kersey\Application Data\Mozilla\Profiles\default\ee6w8j0f.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (WebProgramManager Class) - http://isupport4.hp....SWebManager.CAB
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.c...yer5.2AxWin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: bw+0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe


#11
logreeval

Hello again.

Please delete this file: C:\WINDOWS\GX9FZJ83M9.EXE

If Spybot flags some items, let's see if there is something else hiding on that system of yours.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Post back with a Fresh HijackThis log and the Kaspersky log.

logreeval

#12
tkersey

Here's the Kaspersky Log


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
01/21/2007 11:14:19 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 21/01/2007
Kaspersky Anti-Virus database records: 260576
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 77296
Number of viruses found: 21
Number of infected objects: 186 / 0
Number of suspicious objects: 3
Duration of the scan process: 01:01:29

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Leah Kersey\Local Settings\Temp\THI544E.tmp\mxTarget.dll Infected: not-a-virus:AdWare.Win32.BiSpy.o skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Tedd Kersey\Application Data\Mozilla\Profiles\default\ee6w8j0f.slt\parent.lock Object is locked skipped
C:\Documents and Settings\Tedd Kersey\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Tedd Kersey\Local Settings\Application Data\Identities\{EB187F76-71F6-4642-90B5-A8593A810903}\Microsoft\Outlook Express\Sent Items.dbx/[From "Tedd Kersey" <[email protected]>][Date Sun, 6 Jul 2003 07:18:17 -0600]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Tedd Kersey\Local Settings\Application Data\Identities\{EB187F76-71F6-4642-90B5-A8593A810903}\Microsoft\Outlook Express\Sent Items.dbx/[From "Tedd Kersey" <[email protected]>][Date Sun, 6 Jul 2003 07:18:17 -0600]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Tedd Kersey\Local Settings\Application Data\Identities\{EB187F76-71F6-4642-90B5-A8593A810903}\Microsoft\Outlook Express\Sent Items.dbx Mail MS Outlook 5: suspicious - 2 skipped
C:\Documents and Settings\Tedd Kersey\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Tedd Kersey\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Tedd Kersey\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Tedd Kersey\Local Settings\History\History.IE5\MSHist012007012120070122\index.dat Object is locked skipped
C:\Documents and Settings\Tedd Kersey\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Tedd Kersey\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tedd Kersey\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Tedd Kersey\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tedd Kersey\Data\BWDocMap.pht Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tedd Kersey\Data\BWInfopakMap.pht Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tedd Kersey\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tedd Kersey\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tedd Kersey\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tedd Kersey\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tedd Kersey\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tedd Kersey\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tedd Kersey\Data\L0000002.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tedd Kersey\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tedd Kersey\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tedd Kersey\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tedd Kersey\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tedd Kersey\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tedd Kersey\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tedd Kersey\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tedd Kersey\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tedd Kersey\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tedd Kersey\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tedd Kersey\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tedd Kersey\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tedd Kersey\Data\storydb.idx Object is locked skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\10.tmp/alchem.exe Infected: Trojan-Downloader.Win32.Alchemic skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\10.tmp CAB: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\10.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\11.tmp/twaintec.dll Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\11.tmp/preInsTT.exe Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\11.tmp/polall1m.exe/polall1m.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\11.tmp/polall1m.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\11.tmp CAB: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\11.tmp CryptFF.b: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\12.tmp/twaintec.dll Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\12.tmp/preInsTT.exe Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\12.tmp/polall1m.exe/polall1m.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\12.tmp/polall1m.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\12.tmp CAB: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\12.tmp CryptFF.b: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\127.tmp/satmat.exe Infected: Trojan-Downloader.Win32.Stubby.d skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\127.tmp CAB: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\127.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\128.tmp Infected: Trojan-Downloader.Win32.Stubby.d skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\12A.tmp/satmat.exe Infected: Trojan-Downloader.Win32.Stubby.d skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\12A.tmp CAB: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\12A.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\13.tmp/twaintec.dll Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\13.tmp/preInsTT.exe Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\13.tmp/polall1m.exe/polall1m.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\13.tmp/polall1m.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\13.tmp CAB: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\13.tmp CryptFF.b: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\14.tmp/twaintec.dll Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\14.tmp/preInsTT.exe Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\14.tmp/polall1m.exe/polall1m.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\14.tmp/polall1m.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\14.tmp CAB: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\14.tmp CryptFF.b: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\15.tmp/alchem.exe Infected: Trojan-Downloader.Win32.Alchemic skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\15.tmp CAB: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\15.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\16.tmp/twaintec.dll Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\16.tmp/preInsTT.exe Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\16.tmp/polall1m.exe/polall1m.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\16.tmp/polall1m.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\16.tmp CAB: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\16.tmp CryptFF.b: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\17.tmp/twaintec.dll Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\17.tmp/preInsTT.exe Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\17.tmp/polall1m.exe/polall1m.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\17.tmp/polall1m.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\17.tmp CAB: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\17.tmp CryptFF.b: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\18.tmp/twaintec.dll Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\18.tmp/preInsTT.exe Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\18.tmp/polall1m.exe/polall1m.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\18.tmp/polall1m.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\18.tmp CAB: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\18.tmp CryptFF.b: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\19.tmp/twaintec.dll Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\19.tmp/preInsTT.exe Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\19.tmp/polall1m.exe/polall1m.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\19.tmp/polall1m.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\19.tmp CAB: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\19.tmp CryptFF.b: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1A.tmp/twaintec.dll Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1A.tmp/preInsTT.exe Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1A.tmp/polall1m.exe/polall1m.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1A.tmp/polall1m.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1A.tmp CAB: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1A.tmp CryptFF.b: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1B.tmp/twaintec.dll Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1B.tmp/preInsTT.exe Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1B.tmp/polall1m.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1B.tmp CAB: infected - 3 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1B.tmp CryptFF.b: infected - 3 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1C.tmp/twaintec.dll Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1C.tmp/preInsTT.exe Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1C.tmp/polall1m.exe/polall1m.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1C.tmp/polall1m.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1C.tmp CAB: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1C.tmp CryptFF.b: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1D.tmp/twaintec.dll Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1D.tmp/preInsTT.exe Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1D.tmp/polall1m.exe/polall1m.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1D.tmp/polall1m.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1D.tmp CAB: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1D.tmp CryptFF.b: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1E.tmp/twaintec.dll Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1E.tmp/preInsTT.exe Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1E.tmp/polall1m.exe/polall1m.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1E.tmp/polall1m.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1E.tmp CAB: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1E.tmp CryptFF.b: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1F.tmp/twaintec.dll Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1F.tmp/preInsTT.exe Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1F.tmp/polall1m.exe/polall1m.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1F.tmp/polall1m.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1F.tmp CAB: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\1F.tmp CryptFF.b: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2.tmp Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\20.tmp/twaintec.dll Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\20.tmp/preInsTT.exe Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\20.tmp/polall1m.exe/polall1m.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\20.tmp/polall1m.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\20.tmp CAB: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\20.tmp CryptFF.b: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\21.tmp/twaintec.dll Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\21.tmp/preInsTT.exe Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\21.tmp/polall1m.exe/polall1m.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\21.tmp/polall1m.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\21.tmp CAB: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\21.tmp CryptFF.b: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\22.tmp/twaintec.dll Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\22.tmp/preInsTT.exe Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\22.tmp/polall1m.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\22.tmp CAB: infected - 3 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\22.tmp CryptFF.b: infected - 3 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\23.tmp/twaintec.dll Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\23.tmp/preInsTT.exe Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\23.tmp/polall1m.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\23.tmp CAB: infected - 3 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\23.tmp CryptFF.b: infected - 3 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\24.tmp/twaintec.dll Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\24.tmp/preInsTT.exe Infected: not-a-virus:AdWare.Win32.BiSpy.f skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\24.tmp/polall1m.exe/polall1m.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\24.tmp/polall1m.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\24.tmp CAB: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\24.tmp CryptFF.b: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\25.tmp Infected: not-a-virus:AdWare.Win32.EliteBar.a skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\26.tmp Infected: Trojan.JS.StartPage.r skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\27.tmp Infected: Trojan-Clicker.Win32.Small.ab skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\28.tmp/polall1r.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\28.tmp CAB: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\28.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\28C.tmp/systb.dll Infected: not-a-virus:AdWare.Win32.ImiBar.d skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\28C.tmp CAB: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\28C.tmp MimarSinan: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\28C.tmp UPX: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\28C.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\29.tmp Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2A.tmp/polall1r.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2A.tmp CAB: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2A.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2B.tmp/polall1r.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2B.tmp CAB: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2B.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2C.tmp/polall1r.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2C.tmp CAB: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\2C.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\3.tmp Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\36.tmp Infected: not-a-virus:AdWare.Win32.Midadle.b skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\37.tmp Infected: not-a-virus:AdWare.Win32.Midadle.b skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\38.tmp Infected: not-a-virus:AdWare.Win32.Midadle.b skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\39.tmp Infected: not-a-virus:AdWare.Win32.Midadle.b skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\4.tmp Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\4E.tmp Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\5.tmp Infected: Trojan-Downloader.Win32.QDown.m skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\70.tmp/polall1r.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\70.tmp CAB: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\70.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\71.tmp/polall1r.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\71.tmp CAB: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\71.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\75A.tmp Infected: Trojan-Downloader.Win32.Stubby.d skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\78.tmp Infected: not-a-virus:AdWare.Win32.PurityScan.w skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\79.tmp Infected: not-a-virus:AdWare.Win32.PurityScan.w skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\7E.tmp Infected: not-a-virus:AdWare.Win32.Midadle.b skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\82.tmp Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\9.tmp Infected: Trojan-Downloader.Win32.Swizzor.k skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\A.tmp Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\B.tmp Infected: Trojan.Win32.Dialer.bi skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\BC.tmp Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\FD.tmp/polall1r.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\FD.tmp CAB: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\FD.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\FE.tmp/polall1r.exe Infected: Trojan-Downloader.Win32.Agent.ae skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\FE.tmp CAB: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2005\Quarantine\FE.tmp CryptFF.b: infected - 1 skipped
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000017.0XE Infected: Trojan.Win32.Zapchast.cp skipped
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000018.0XE Infected: Trojan.Win32.Zapchast.cp skipped
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000019.0XE Object is locked skipped
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000020.exe Object is locked skipped
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000021.exe Object is locked skipped
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000022.exe Object is locked skipped
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000023.exe Object is locked skipped
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000024.exe Object is locked skipped
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000025.exe/data0003/data0001 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000025.exe/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000025.exe/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.d skipped
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000025.exe/data0004 Infected: not-a-virus:AdWare.Win32.WebRebates.d skipped
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000025.exe/data0005 Infected: not-a-virus:AdWare.Win32.WebRebates.c skipped
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000025.exe NSIS: infected - 5 skipped
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000026.exe Object is locked skipped
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000027.exe Infected: not-a-virus:Porn-Dialer.Win32.Kotu.c skipped
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000028.exe Object is locked skipped
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP7\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\secure33.txt Infected: not-virus:Hoax.Win32.Renos.y skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


And a fresh HijackThis log too...

Logfile of HijackThis v1.99.1
Scan saved at 11:18:07 AM, on 01/21/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ltmsg.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.excite.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r4.attbi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.r4.attbi.com;<local>;localhost
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_1/home.html"); (C:\Documents and Settings\Tedd Kersey\Application Data\Mozilla\Profiles\default\ee6w8j0f.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Tedd Kersey\Application Data\Mozilla\Profiles\default\ee6w8j0f.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (WebProgramManager Class) - http://isupport4.hp....SWebManager.CAB
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.c...yer5.2AxWin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: bw+0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {AE908FA8-C0C2-4943-9A00-BA7351460903} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  • 0

#13
logreeval

    Visiting Staff

  • Member
  • 1,230 posts
Hello again tkersey

Could you please tell me the exact things that Spybot S&D finds, such as the registry key/file name and what they call it? I believe this to be an error on Spybot's part.

Also, how is the system running?

logreeval
  • 0

#14
tkersey

    Member

  • Topic Starter
  • Member
  • 15 posts
Sup Logreeval!?

The computer is still acting up. For instance, Trend Micro attempts to block internet access due to virus detections. I will post for your viewing pleasure. Also, any attempt to update Spybot comes back with a "Bad Check Sum" and will not update the software. I was able to run the older version 1.3 with the last update occurring in 11/2004! Startup is a drag, it takes wayyyy too long and then I'm afraid of causing more damage by even turning this thing on in the first place. I am open to uninstalling unused software if you think that might help, anything? ...



Spybot 1.3 File:

Excite: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Excite: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Excite: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Excite: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Excite: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Excite: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Excite: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Excite: Tracking cookie (Mozilla: default) (Cookie, nothing done)


DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3293823761-784950871-2387590086-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

IE Plugin: Data (File, nothing done)
C:\WINDOWS\lu.dat


--- Spybot - Search && Destroy version: 1.3 ---
2004-08-11 Includes\Cookies.sbi
2004-11-09 Includes\Dialer.sbi
2004-11-09 Includes\Hijackers.sbi
2004-11-09 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-11-09 Includes\Malware.sbi
2004-10-05 Includes\Revision.sbi
2004-10-25 Includes\Security.sbi
2004-11-09 Includes\Spybots.sbi
2004-10-21 Includes\Tracks.uti
2004-11-09 Includes\Trojans.sbi


Trend Micro Info

"Virus Log","2007/01/21","D59B8B11"
"Time","Event","Source Type","Virus Name","File Name","First Action","Second Action"
"10:33","Real-time Scan","File","DIAL_KTUDIALER.A","C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000019.0XE","Deny Access",""
"10:33","Real-time Scan","File","ADW_WILDMEDIA.A","C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000020.exe","Deny Access",""
"10:33","Real-time Scan","File","ADW_TOPMOXIE.A","C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000021.exe","Deny Access",""
"10:33","Real-time Scan","File","ADW_TOPREBATES.B","C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000022.exe","Deny Access",""
"10:33","Real-time Scan","File","ADW_TOPREBATES.C","C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000023.exe","Deny Access",""
"10:33","Real-time Scan","File","ADW_TOPREBATES.B","C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000024.exe","Deny Access",""
"10:33","Real-time Scan","File","ADW_TOPREBATES.A","C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000026.exe","Deny Access",""
"10:33","Real-time Scan","File","ADW_VALUEAD.A","C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000028.exe","Deny Access",""
"11:37","Real-time Scan","File","DIAL_KTUDIALER.A","C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000019.0XE","Deny Access",""
"12:34","Real-time Scan","File","DIAL_KTUDIALER.A","C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000019.0XE","Deny Access",""
"13:34","Real-time Scan","File","DIAL_KTUDIALER.A","C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000019.0XE","Deny Access",""
"14:34","Real-time Scan","File","DIAL_KTUDIALER.A","C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000019.0XE","Deny Access",""
"15:34","Real-time Scan","File","DIAL_KTUDIALER.A","C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000019.0XE","Deny Access",""
"16:34","Real-time Scan","File","DIAL_KTUDIALER.A","C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000019.0XE","Deny Access",""
"17:34","Real-time Scan","File","DIAL_KTUDIALER.A","C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000019.0XE","Deny Access",""
"18:34","Real-time Scan","File","DIAL_KTUDIALER.A","C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000019.0XE","Deny Access",""
"19:34","Real-time Scan","File","DIAL_KTUDIALER.A","C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000019.0XE","Deny Access",""
"20:34","Real-time Scan","File","DIAL_KTUDIALER.A","C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000019.0XE","Deny Access",""
"21:34","Real-time Scan","File","DIAL_KTUDIALER.A","C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000019.0XE","Deny Access",""
"22:34","Real-time Scan","File","DIAL_KTUDIALER.A","C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000019.0XE","Deny Access",""
"23:34","Real-time Scan","File","DIAL_KTUDIALER.A","C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000019.0XE","Deny Access",""

Does any of this help you???
  • 0

#15
logreeval

    Visiting Staff

  • Member
  • 1,230 posts
Hello again.

Could you please delete this file:

C:\WINDOWS\lu.dat

==========

All the other things that Spybot finds are errors. I recommend you uninstall Spybot and go for another on-demand scanner; I recommend AVG Anti-Spyware or SUPERAntispyware.

The Trend Micro log shows items that are in System Restore; we will clear those out at the end.

Post a HijackThis log in your reply.

logreeval
  • 0
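
The observation in post #15, that the Trend Micro detections all sit inside a System Restore point, can be checked mechanically. The following is an added example, not part of the thread: Python that parses rows in the log format posted in #14, collapses the repeated hourly hits, and separates restore-point copies from live files. The function names are hypothetical, and the sample is a constructed subset in which the last row is invented.

```python
import csv
import io

# Constructed sample in the format of the Trend Micro log from post #14. The
# first four data rows are copied from that post; the last row is invented to
# show a detection that is NOT inside a restore point.
SAMPLE_LOG = r'''"Virus Log","2007/01/21","D59B8B11"
"Time","Event","Source Type","Virus Name","File Name","First Action","Second Action"
"10:33","Real-time Scan","File","DIAL_KTUDIALER.A","C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000019.0XE","Deny Access",""
"10:33","Real-time Scan","File","ADW_VALUEAD.A","C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000028.exe","Deny Access",""
"11:37","Real-time Scan","File","DIAL_KTUDIALER.A","C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000019.0XE","Deny Access",""
"12:34","Real-time Scan","File","DIAL_KTUDIALER.A","C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP2\A0000019.0XE","Deny Access",""
"12:40","Real-time Scan","File","EXAMPLE_DETECTION","C:\WINDOWS\example.exe","Deny Access",""
'''


def parse_log(text):
    """Return one dict per detection row, keyed by the log's own column names."""
    rows = [r for r in csv.reader(io.StringIO(text)) if r]
    for i, row in enumerate(rows):
        if row[0] == "Time":  # column header follows the "Virus Log" banner row
            header, body = row, rows[i + 1:]
            return [dict(zip(header, r)) for r in body if len(r) == len(header)]
    raise ValueError("no column header row found")


def in_restore_point(path):
    """True for <drive>\\System Volume Information\\_restore{GUID}\\... paths."""
    parts = path.replace("/", "\\").split("\\")
    return (len(parts) > 3
            and parts[1].lower() == "system volume information"
            and parts[2].lower().startswith("_restore{"))


def triage(text):
    """Collapse repeated hits, then split them into (restore_copies, live_files)."""
    counts = {}
    for entry in parse_log(text):
        key = (entry["Virus Name"], entry["File Name"])
        counts[key] = counts.get(key, 0) + 1
    restore, live = [], []
    for (name, path), n in counts.items():
        (restore if in_restore_point(path) else live).append((name, path, n))
    return restore, live


if __name__ == "__main__":
    restore, live = triage(SAMPLE_LOG)
    for label, group in (("restore point", restore), ("live file", live)):
        for name, path, n in group:
            print(f"{label:13}  {n}x  {name}  {path}")
```

Copies inside a restore point are not running; they matter because rolling back to that restore point would put them back on the system. Anything reported in the live group is what needs attention first.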





