It all started with spyware:danger


This topic is locked

#1 fredfreeldr (Member, 10 posts)
Hi, I have made a mess of things and now I am so confused.

A week ago, I got spiked with the Spyware: Danger advert. It came with a few other nasties, but I did not know that at the time. I just thought it was one thing, so I followed the directions I found lingering for removal, and then I followed another set of directions, and then, well, I have it removed. No more red screen, no more advert.

It used to block me from changing the Windows background, but I can do that now.

What I can't do is more difficult to explain. The computer seems slower, it does not consistently connect to the internet, I can't add new users, and the sound does not work.

I know a little knowledge can be very dangerous.

Can you help?

Thanks

-Fred.

My latest

Logfile of HijackThis v1.99.1
Scan saved at 8:33:07 PM, on 4/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Microsoft Office\OSA.EXE
C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KASP] "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\OESpamTest.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: HotSync Manager.LNK = C:\Palm\HOTSYNC.EXE
O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\OSA.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.../kavwebscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O18 - Protocol: bw+0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#2 ScHwErV (Retired Staff, MVP, 21,285 posts)
fredfreeldr

Hello and welcome to Geeks To Go.

One reason for your slow down is that you have two antivirus programs installed. They will conflict with each other and can cause serious slow downs.

Please uninstall one of them (I suggest you uninstall McAfee) and then post back with some updated information and a fresh HijackThis log.

ScHwErV
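The conflict ScHwErV points out is visible in the O4 (autostart) and O23 (service) lines of the log above, and the second log fred posts further down shows what changed after the clean-up. The Python below is an added example, not code from this thread or from HijackThis itself: it parses O4 and O23 entries, lists which security vendors are resident at startup, and diffs two logs so removed and added entries stand out. The vendor keyword table is an assumption made for the example, and the two log excerpts are shortened copies of the logs posted in this thread, kept only to the lines the example needs.

```python
"""Parse HijackThis O4/O23 entries, list resident security vendors, diff two logs."""
import re
from collections import defaultdict, namedtuple

# Excerpts of the two logs posted in this thread (14 Apr and 25 Apr 2005), cut
# down to the O4 autostart and O23 service lines this example needs. This is
# constructed test input, not the full logs.
LOG_APR14 = r"""
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [KASP] "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\OESpamTest.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
"""

LOG_APR25 = r"""
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
"""

Entry = namedtuple("Entry", "section key detail raw")

_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# O4 - <hive or startup folder>: [<value name>] <command line>
_O4 = re.compile(r"^(?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23 - Service: <display name> (<short name>) - <company> - <image path>
# The short name in parentheses is sometimes absent (see the Creative entry).
_O23 = re.compile(
    r"^Service: (?P<display>.+?)(?: \((?P<short>[^)]*)\))? - (?P<company>.+?) - (?P<path>.+)$"
)


def parse_log(text):
    """Return one Entry per R/O line; header and 'Running processes' lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = _LINE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if section == "O4" and (m4 := _O4.match(body)):
            entries.append(Entry(section, m4["name"], m4["cmd"], line))
        elif section == "O23" and (m23 := _O23.match(body)):
            entries.append(Entry(section, m23["display"], m23["path"], line))
        else:
            entries.append(Entry(section, body, "", line))
    return entries


# Vendor strings to look for in autostart and service lines. An assumption made
# for this example, not a catalogue of every security product.
SECURITY_VENDORS = {
    "mcafee": "McAfee",
    "kaspersky": "Kaspersky",
    "microsoft antispyware": "Microsoft AntiSpyware",
}


def resident_security_vendors(entries):
    """Map vendor -> sorted names of the O4/O23 entries that belong to it."""
    found = defaultdict(set)
    for e in entries:
        if e.section not in ("O4", "O23"):
            continue
        lowered = e.raw.lower()
        for keyword, vendor in SECURITY_VENDORS.items():
            if keyword in lowered:
                found[vendor].add(e.key)
    return {vendor: sorted(names) for vendor, names in found.items()}


def conflicting_vendors(entries):
    """True when more than one security vendor is resident at startup."""
    return len(resident_security_vendors(entries)) > 1


def diff_logs(old_entries, new_entries):
    """(removed, added) entries between two logs, compared on section, name and target."""
    old = {(e.section, e.key, e.detail) for e in old_entries}
    new = {(e.section, e.key, e.detail) for e in new_entries}
    return sorted(old - new), sorted(new - old)


if __name__ == "__main__":
    before, after = parse_log(LOG_APR14), parse_log(LOG_APR25)
    for label, entries in (("14 Apr", before), ("25 Apr", after)):
        flag = "CONFLICT" if conflicting_vendors(entries) else "ok"
        print(f"{label}: {flag} {resident_security_vendors(entries)}")
    removed, added = diff_logs(before, after)
    print("removed:", *[f"{s} [{k}]" for s, k, _ in removed], sep="\n  ")
    print("added:", *[f"{s} [{k}]" for s, k, _ in added], sep="\n  ")
```

Run as a script it prints the vendor summary for each log and the entries that disappeared or appeared between them. On the two full logs in this thread the diff also lists entries that vanished without anyone deliberately removing them (the Dell support client, the Logitech Desktop Messenger autostarts, the Kaspersky web-scan O16 control), and those are the first things to examine when a machine keeps misbehaving after a clean-up.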

#3 fredfreeldr (Topic Starter, Member, 10 posts)
Thank you, I will do as you suggested, when I get back to the computer on monday, and then post the updated hijackthis file.

-fred

#4 fredfreeldr (Topic Starter, Member, 10 posts)
Forgive me, it has been two weeks since I last posted, so I started a new topic. I was at a friend's house, and through a pop-up attack infected his computer with the Spyware: Danger (red screen) virus/trojan. The PC is now clear of the visible effects of the spyware problem, but is now experiencing many other problems.

1st. The control panels do not work; Users, Sound, and others simply do not open.
2nd. I am still getting duplicate icons when new software is installed or icons are copied to the desktop. If I delete one copy, the other will stay until restart (when it vanishes).
3rd. Most programs are running, but intolerably slow. Explorer.exe constantly freezes and does not redraw the screen, but new programs can be forced to open (using Run from Task Manager).
4th. I am sure other things are happening, but I am not sure what.
5th. Right now the sound card is working, but does not show in the Sound control panel, so Windows does not recognize it as a device.

Thanks for any help.

I am in possession of the computer until it is fixed, but the sooner the better.

Thanks in advance.

I have attached the latest HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 8:55:01 PM, on 4/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: HotSync Manager.LNK = C:\Palm\HOTSYNC.EXE
O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O18 - Protocol: bw+0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


And the startup list.

StartupList report, 4/25/2005, 9:03:42 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Administrator\Desktop\hijackthis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Hillel Buechler\Start Menu\Programs\Startup]
HotSync Manager.LNK = C:\Palm\HOTSYNC.EXE
Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

zBrowser Launcher = C:\Program Files\Logitech\iTouch\iTouch.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
Logitech Utility = Logi_MwX.Exe
iTunesHelper = C:\Program Files\iTunes\iTunesHelper.exe
gcasServ = "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
BCMSMMSG = BCMSMMSG.exe
AdaptecDirectCD = "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
RegistryMechanic = C:\Program Files\Registry Mechanic\RegMech.exe /QS

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

AIM = C:\Program Files\AIM\aim.exe -cnetwait.odl
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

*Registry key not found*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\INF\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=*Registry value not found*

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\ssmyst.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

--------------------------------------------------

Enumerating Task Scheduler jobs:

McAfee.com Update Check (DDS4MV21-Hillel Buechler).job
McAfee.com Update Check (DDS4MV21-Owner).job
McAfee.com Update Check (HILLEL-Hillel Buechler).job

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM32\Macromed\Director\SwDir.dll
CODEBASE = http://active.macrom...tor/cabs/sw.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://www.pandasoft.../as5/asinst.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://fpdownload.ma...ash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

abp480n5: \SystemRoot\System32\DRIVERS\ABP480N5.SYS (disabled)
Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
adpu160m: \SystemRoot\System32\DRIVERS\adpu160m.sys (disabled)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
Compaq AGP Bus Filter: \SystemRoot\System32\DRIVERS\agpCPQ.sys (disabled)
Aha154x: \SystemRoot\System32\DRIVERS\aha154x.sys (disabled)
aic78u2: \SystemRoot\System32\DRIVERS\aic78u2.sys (disabled)
aic78xx: \SystemRoot\System32\DRIVERS\aic78xx.sys (disabled)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AliIde: \SystemRoot\System32\DRIVERS\aliide.sys (disabled)
ALI AGP Bus Filter: \SystemRoot\System32\DRIVERS\alim1541.sys (disabled)
AMD AGP Bus Filter Driver: \SystemRoot\System32\DRIVERS\amdagp.sys (disabled)
amsint: \SystemRoot\System32\DRIVERS\amsint.sys (disabled)
AOL Connectivity Service: C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe (autostart)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
asc: \SystemRoot\System32\DRIVERS\asc.sys (disabled)
asc3350p: \SystemRoot\System32\DRIVERS\asc3350p.sys (disabled)
asc3550: \SystemRoot\System32\DRIVERS\asc3550.sys (disabled)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
Wireless-G PCI Adapter Driver: System32\DRIVERS\bcmwl5.sys (manual start)
BCM V.92 56K Modem: System32\DRIVERS\BCMSM.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
MAC Bridge: System32\DRIVERS\bridge.sys (manual start)
MAC Bridge Miniport: System32\DRIVERS\bridge.sys (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
cbidf: \SystemRoot\System32\DRIVERS\cbidf2k.sys (disabled)
cd20xrnt: \SystemRoot\System32\DRIVERS\cd20xrnt.sys (disabled)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (autostart)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
CmdIde: \SystemRoot\System32\DRIVERS\cmdide.sys (disabled)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cpqarray: \SystemRoot\System32\DRIVERS\cpqarray.sys (disabled)
Creative Service for CDROM Access: C:\WINDOWS\System32\CTsvcCDA.exe (autostart)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
dac2w2k: \SystemRoot\System32\DRIVERS\dac2w2k.sys (disabled)
dac960nt: \SystemRoot\System32\DRIVERS\dac960nt.sys (disabled)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
dpti2o: \SystemRoot\System32\DRIVERS\dpti2o.sys (disabled)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Intel® PRO Adapter Driver: System32\DRIVERS\e100b325.sys (manual start)
3Com EtherLink XL 90XB/C Adapter Driver: System32\DRIVERS\el90xbc5.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)
GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)
hpn: \SystemRoot\System32\DRIVERS\hpn.sys (disabled)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i2omp: \SystemRoot\System32\DRIVERS\i2omp.sys (disabled)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
i81x: System32\DRIVERS\i81xnt5.sys (manual start)
iAimFP0: System32\DRIVERS\wADV01nt.sys (manual start)
iAimFP1: System32\DRIVERS\wADV02NT.sys (manual start)
iAimFP2: System32\DRIVERS\wADV05NT.sys (manual start)
iAimFP3: System32\DRIVERS\wSiINTxx.sys (manual start)
iAimFP4: System32\DRIVERS\wVchNTxx.sys (manual start)
iAimTV0: System32\DRIVERS\wATV01nt.sys (manual start)
iAimTV1: System32\DRIVERS\wATV02NT.sys (manual start)
iAimTV2: System32\DRIVERS\wATV03nt.sys (manual start)
iAimTV3: System32\DRIVERS\wATV04nt.sys (manual start)
iAimTV4: System32\DRIVERS\wCh7xxNT.sys (manual start)
CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
ini910u: \SystemRoot\System32\DRIVERS\ini910u.sys (disabled)
IntelIde: \SystemRoot\System32\DRIVERS\intelide.sys (disabled)
Intel Processor Driver: System32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
iPod Service: C:\Program Files\iPod\bin\iPodService.exe (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
iTouch Keyboard Filter: System32\DRIVERS\itchfltr.sys (manual start)
Jukebox3: System32\DRIVERS\ctpdusb.sys (manual start)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Logitech PS/2 Mouse Filter Driver: System32\DRIVERS\L8042pr2.Sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Logitech Mouse Class Filter Driver: System32\DRIVERS\LMouFlt2.Sys (manual start)
McAfee.com McShield: c:\PROGRA~1\mcafee.com\vso\mcshield.exe (manual start)
McAfee.com VirusScan Online Realtime Engine: c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
mraid35x: \SystemRoot\System32\DRIVERS\mraid35x.sys (disabled)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
NaiFiltr: System32\DRIVERS\NaiFiltr.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NIC Management Service Configuration Driver: \??\C:\WINDOWS\System32\drivers\NMSCFG.SYS (manual start)
Intel® NMS: C:\WINDOWS\System32\NMSSvc.exe (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
OMCI WDM Device Driver: System32\DRIVERS\omci.sys (system)
Creative SB Live! Series (WDM): system32\drivers\P16X.sys (manual start)
Intel PentiumIII Processor Driver: System32\DRIVERS\p3.sys (system)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
perc2: \SystemRoot\System32\DRIVERS\perc2.sys (disabled)
perc2hib: \SystemRoot\System32\DRIVERS\perc2hib.sys (disabled)
PfModNT: \??\C:\WINDOWS\System32\PfModNT.sys (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
ql1080: \SystemRoot\System32\DRIVERS\ql1080.sys (disabled)
Ql10wnt: \SystemRoot\System32\DRIVERS\ql10wnt.sys (disabled)
ql12160: \SystemRoot\System32\DRIVERS\ql12160.sys (disabled)
ql1240: \SystemRoot\System32\DRIVERS\ql1240.sys (disabled)
ql1280: \SystemRoot\System32\DRIVERS\ql1280.sys (disabled)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SIS AGP Bus Filter: \SystemRoot\System32\DRIVERS\sisagp.sys (disabled)
Sparrow: \SystemRoot\System32\DRIVERS\sparrow.sys (disabled)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Windows Service Pack Installer update service: C:\WINDOWS\system32\spupdsvc.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{F79A1568-D6C5-4C69-A086-936CF52DBBE3} (manual start)
symc810: \SystemRoot\System32\DRIVERS\symc810.sys (disabled)
symc8xx: \SystemRoot\System32\DRIVERS\symc8xx.sys (disabled)
sym_hi: \SystemRoot\System32\DRIVERS\sym_hi.sys (disabled)
sym_u3: \SystemRoot\System32\DRIVERS\sym_u3.sys (disabled)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TosIde: \SystemRoot\System32\DRIVERS\toside.sys (disabled)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
ultra: \SystemRoot\System32\DRIVERS\ultra.sys (disabled)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: \SystemRoot\System32\DRIVERS\viaagp.sys (disabled)
ViaIde: \SystemRoot\System32\DRIVERS\viaide.sys (disabled)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
WAN Miniport (ATW): System32\DRIVERS\wanatw4.sys (manual start)
WAN Miniport (ATW) Service: "C:\WINDOWS\wanmpsvc.exe" (autostart)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
WMDM PMSP Service: C:\WINDOWS\System32\MsPMSPSv.exe (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 35,242 bytes
Report generated in 0.094 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#5
ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
Let's start out with some general scans and see if we can't clean things up a little.

Please download Spybot Search & Destroy and AdAware.

Follow all the instructions on this website to run a scan with both of these programs.

Please run an on-line virus scan at Kaspersky OnLine Scan or, if that doesn't work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply.)

After that, I will need to see two different logs from HijackThis. The first is the normal log like you posted here. To get the other one, follow these directions.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Post back with those logs and we can continue from there.

Good Luck

ScHwErV :tazz:

#6
fredfreeldr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi,

Okay, this is the logfile from Ad-Aware. I have quarantined all the identified critical objects.

I am going to run Search & Destroy next.

- f




Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, April 27, 2005 5:16:54 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R41 25.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BroadCastPC(TAC index:7):1 total references
CometSystems(TAC index:8):4 total references
CoolWebSearch(TAC index:10):8 total references
MRU List(TAC index:0):44 total references
TIB Browser(TAC index:6):7 total references
Tracking Cookie(TAC index:3):15 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


4-27-2005 5:16:54 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Hillel Buechler\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-4152384067-2879483868-3088757929-1006\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : S-1-5-21-4152384067-2879483868-3088757929-1006\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-4152384067-2879483868-3088757929-1006\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-4152384067-2879483868-3088757929-1006\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-4152384067-2879483868-3088757929-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-4152384067-2879483868-3088757929-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-4152384067-2879483868-3088757929-1006\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-4152384067-2879483868-3088757929-1006\software\microsoft\office\8.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-4152384067-2879483868-3088757929-1006\software\microsoft\office\8.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-4152384067-2879483868-3088757929-1006\software\microsoft\office\8.0\common\open find\microsoft powerpoint\settings\save as\file name mru
Description : list of recent documents saved by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-4152384067-2879483868-3088757929-1006\software\microsoft\office\8.0\excel\recent file list
Description : list of recent files used by microsoft excel


MRU List Object Recognized!
Location: : S-1-5-21-4152384067-2879483868-3088757929-1006\software\microsoft\office\8.0\common\open find\microsoft powerpoint\settings\insert picture\file name mru
Description : list of recent pictured inserted in microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-4152384067-2879483868-3088757929-1006\software\microsoft\office\8.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-4152384067-2879483868-3088757929-1006\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-4152384067-2879483868-3088757929-1006\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-4152384067-2879483868-3088757929-1006\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-4152384067-2879483868-3088757929-1006\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-4152384067-2879483868-3088757929-1006\software\microsoft\mediaplayer\player\settings
Description : last save as directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-4152384067-2879483868-3088757929-1006\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-4152384067-2879483868-3088757929-1006\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-4152384067-2879483868-3088757929-1006\software\creative tech\creative wavestudio\settings
Description : list of recently used directories in creative wavestudio


MRU List Object Recognized!
Location: : S-1-5-21-4152384067-2879483868-3088757929-1006\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : S-1-5-21-4152384067-2879483868-3088757929-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-4152384067-2879483868-3088757929-1006\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-4152384067-2879483868-3088757929-1006\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-4152384067-2879483868-3088757929-1006\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-4152384067-2879483868-3088757929-1006\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-4152384067-2879483868-3088757929-1006\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-4152384067-2879483868-3088757929-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-4152384067-2879483868-3088757929-1006\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : software\musicmatch\musicmatch jukebox\4.0\mmradio
Description : information on the last station listened to using musicmatch radio


MRU List Object Recognized!
Location: : S-1-5-21-4152384067-2879483868-3088757929-1006\software\microsoft\clipart gallery\2.0\mrudescription
Description : most recently used description in microsoft clipart gallery


MRU List Object Recognized!
Location: : S-1-5-21-4152384067-2879483868-3088757929-1006\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : software\musicmatch\musicmatch jukebox\4.0\fileconv
Description : file conversion location settings in musicmatch jukebox


MRU List Object Recognized!
Location: : S-1-5-21-4152384067-2879483868-3088757929-1006\software\microsoft\office\8.0\powerpoint\recent typeface list
Description : list of recently used typefaces in microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-4152384067-2879483868-3088757929-1006\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-4152384067-2879483868-3088757929-1006\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-4152384067-2879483868-3088757929-1006\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 580
ThreadCreationTime : 4-27-2005 8:57:58 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 644
ThreadCreationTime : 4-27-2005 8:57:59 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 668
ThreadCreationTime : 4-27-2005 8:58:00 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 712
ThreadCreationTime : 4-27-2005 8:58:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 724
ThreadCreationTime : 4-27-2005 8:58:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 872
ThreadCreationTime : 4-27-2005 8:58:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 972
ThreadCreationTime : 4-27-2005 8:59:24 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1144
ThreadCreationTime : 4-27-2005 9:00:20 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1156
ThreadCreationTime : 4-27-2005 9:01:14 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1200
ThreadCreationTime : 4-27-2005 9:01:14 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1308
ThreadCreationTime : 4-27-2005 9:01:15 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [itouch.exe]
FilePath : C:\Program Files\Logitech\iTouch\
ProcessID : 1432
ThreadCreationTime : 4-27-2005 9:01:27 PM
BasePriority : Normal
FileVersion : 2.20.243
ProductVersion : 2.20.243
ProductName : iTouch
CompanyName : Logitech Inc.
FileDescription : iTouch Application
InternalName : iTouch
LegalCopyright : © 1998-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and iTouch® are registered trademarks of Logitech Inc.
OriginalFilename : iTouch.exe
Comments : Created by the iTouch team

#:13 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 1444
ThreadCreationTime : 4-27-2005 9:01:27 PM
BasePriority : Normal
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:14 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1452
ThreadCreationTime : 4-27-2005 9:01:27 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:15 [em_exec.exe]
FilePath : C:\Program Files\Logitech\MouseWare\system\
ProcessID : 1488
ThreadCreationTime : 4-27-2005 9:01:28 PM
BasePriority : Normal
FileVersion : 9.79.019
ProductVersion : 9.79.019
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Logitech Events Handler Application
InternalName : Em_Exec
LegalCopyright : © 1987-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : Em_Exec.exe
Comments : Created by the MouseWare team

#:16 [gcasserv.exe]
FilePath : C:\Program Files\Microsoft AntiSpyware\
ProcessID : 1512
ThreadCreationTime : 4-27-2005 9:01:29 PM
BasePriority : Idle
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe

#:17 [bcmsmmsg.exe]
FilePath : C:\WINDOWS\
ProcessID : 1520
ThreadCreationTime : 4-27-2005 9:01:29 PM
BasePriority : Normal
FileVersion : 3.5.25 08/27/2003 20:04:35
ProductVersion : 3.5.25 08/27/2003 20:04:35
ProductName : BCM Modem Messaging Applet
CompanyName : Broadcom Corporation
FileDescription : Modem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Broadcom Corporation 1998-2000
OriginalFilename : smdmstat.exe

#:18 [directcd.exe]
FilePath : C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\
ProcessID : 1528
ThreadCreationTime : 4-27-2005 9:01:30 PM
BasePriority : Normal
FileVersion : 5.3.4.21
ProductVersion : 5.3.4.21
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 2001,2002, Roxio, Inc.
OriginalFilename : Directcd.exe

#:19 [aim.exe]
FilePath : C:\Program Files\AIM\
ProcessID : 1580
ThreadCreationTime : 4-27-2005 9:01:34 PM
BasePriority : Normal
FileVersion : 5.5.3572
ProductVersion : 5.5.3572
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE

#:20 [hotsync.exe]
FilePath : C:\Palm\
ProcessID : 1624
ThreadCreationTime : 4-27-2005 9:01:39 PM
BasePriority : Normal
FileVersion : 3.1.1
ProductVersion : 3.1.0
ProductName : HotSync® Manager
CompanyName : Palm Computing, Inc.
FileDescription : HotSync® Manager Application
InternalName : HotSync®
LegalCopyright : Copyright © 1995-1999 Palm Computing, Inc.
LegalTrademarks : HotSync® is a registered trademark of Palm Computing, Inc.
OriginalFilename : Hotsync.exe

#:21 [mhprmind.exe]
FilePath : C:\Program Files\Microsoft Home Publishing\
ProcessID : 1648
ThreadCreationTime : 4-27-2005 9:01:40 PM
BasePriority : Normal
FileVersion : 3, 0, 1, 2006
ProductVersion : 3, 0, 0, 0
ProductName : Microsoft Graphics Studio Home Publishing & Greetings
CompanyName : Microsoft Corporation
FileDescription : Microsoft Graphics Studio Home Publishing & Greetings
InternalName : Microsoft Graphics Studio Home Publishing & Greetings
LegalCopyright : Copyright © 1998
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.
OriginalFilename : MHPRMNDD.EXE
Comments : Microsoft Graphics Studio Home Publishing & Greetings

#:22 [acsd.exe]
FilePath : C:\PROGRA~1\COMMON~1\aol\ACS\
ProcessID : 1972
ThreadCreationTime : 4-27-2005 9:01:53 PM
BasePriority : Normal


#:23 [ctsvccda.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1992
ThreadCreationTime : 4-27-2005 9:01:53 PM
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE

#:24 [wanmpsvc.exe]
FilePath : C:\WINDOWS\
ProcessID : 136
ThreadCreationTime : 4-27-2005 9:01:53 PM
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:25 [mspmspsv.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 192
ThreadCreationTime : 4-27-2005 9:01:53 PM
BasePriority : Normal
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:26 [firefox.exe]
FilePath : C:\PROGRA~1\MOZILL~1\
ProcessID : 1952
ThreadCreationTime : 4-27-2005 9:15:40 PM
BasePriority : Normal


#:27 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~2\
ProcessID : 404
ThreadCreationTime : 4-27-2005 9:16:18 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 44


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CometSystems Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{32ba13af-001c-456e-8825-8d53077460ac}

CometSystems Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{844c39ec-7ea4-4f11-bce6-28404fd768e3}

CometSystems Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{8fcd3b3f-6f3e-4bb2-9c37-b03b27f71857}

TIB Browser Object Recognized!
Type : Regkey
Data :
Category : Dialer
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{c4855f24-2fee-4253-af26-24d539508ab1}

TIB Browser Object Recognized!
Type : Regkey
Data :
Category : Dialer
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tibsloaderaxdll.tibsloader.4

TIB Browser Object Recognized!
Type : RegValue
Data :
Category : Dialer
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tibsloaderaxdll.tibsloader.4
Value :

TIB Browser Object Recognized!
Type : Regkey
Data :
Category : Dialer
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tibsloaderaxdll.tibsloader

TIB Browser Object Recognized!
Type : RegValue
Data :
Category : Dialer
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tibsloaderaxdll.tibsloader
Value :

TIB Browser Object Recognized!
Type : Regkey
Data :
Category : Dialer
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{c1c2ac28-5e4b-4228-b7a0-05e986ffce14}

TIB Browser Object Recognized!
Type : RegValue
Data :
Category : Dialer
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{c1c2ac28-5e4b-4228-b7a0-05e986ffce14}
Value :

CometSystems Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-4152384067-2879483868-3088757929-1006\software\comet systems

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 11
Objects found so far: 55


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 55


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hillel [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Hillel Buechler\Cookies\hillel [email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hillel [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Hillel Buechler\Cookies\hillel [email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hillel [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Hillel Buechler\Cookies\hillel [email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hillel [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Hillel Buechler\Cookies\hillel [email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hillel [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Hillel Buechler\Cookies\hillel [email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hillel [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Hillel Buechler\Cookies\hillel [email protected][1].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 61



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt

BroadCastPC Object Recognized!
Type : File
Data : GLK12.tmp
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Hillel Buechler\Local Settings\Temp\



CoolWebSearch Object Recognized!
Type : File
Data : A0000154.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\



CoolWebSearch Object Recognized!
Type : File
Data : A0000155.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 73


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 73




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Enable Browser Extensions

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Custom Search URL

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\search\searchproperties\en-us
Value : [email protected]

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\styles
Value : User Stylesheet

CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 79

5:34:55 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:18:00.813
Objects scanned:214469
Objects identified:35
Objects ignored:0
New critical objects:35

Edited by fredfreeldr, 27 April 2005 - 03:56 PM.

  • 0

#7
fredfreeldr

    Member

  • Topic Starter
  • Member
  • 10 posts
I have tried a number of times to run Ad-Aware SE, but it will not move past the quarantining indicators. I have run Search and Destroy without any problems.

After several failed attempts, I was able to run Trend Micro's online scanner. The scanner found two viruses that it cleaned and a trojan agent (troj agent PN) at C:\system volume information\_restor{b37680b2-ba0a-4e5d-bf30-83e44c588624}\rp6\a0000114.dll
(actually with capital letters between {})


I am traveling this weekend but I will be back on Monday, to start this over again.

Thanks.

-f

Edited by fredfreeldr, 27 April 2005 - 11:57 PM.

  • 0

#8
fredfreeldr

    Member

  • Topic Starter
  • Member
  • 10 posts
25,000 Events & Celebrations Clip Art
Absolute Uninstaller 1.41
Ad-Aware SE Personal
Adobe Download Manager 1.2 (Remove Only)
Adobe Reader 6.0
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20030807.3)
AOL Instant Messenger
Backyard Baseball 2001
BCM V.92 56K Modem
Britannica Ready Reference
Creative Jukebox Driver
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Dell Support
DiMAGE Viewer
DVDSentry
Easy CD Creator 5 Basic
Greeting Card Maker
HijackThis 1.99.1
Hoyle Casino 2003
Intel® PRO Ethernet Adapter and Software
Intel® PROSet II
iPod Updater 2004-11-15
iTunes
Kid Pix Deluxe 3
Logitech Desktop Messenger
Logitech iTouch Software
Logitech MouseWare 9.79
Logitech Resource Center
Macromedia Shockwave Player
Magic Starter
McAfee.com SecurityCenter
McAfee.com VirusScan Online
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft AntiSpyware
Microsoft Combat Flight Simulator 3.1
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Greetings
Microsoft Office 97, Professional Edition
Microsoft Picture It! Express 2.0
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Word 97
Microsoft Works Setup Launcher
Minolta DiMAGE remote camera driver
Modem Helper
Monopoly
Mozilla Firefox (1.0.2)
MUSICMATCH® Jukebox
Nancy Drew: Treasure in the Royal Tower
Need For Speed Hot Pursuit 2
NOMAD Explorer
NVIDIA Display Driver
Paint Shop Pro 7
Palm Desktop
PowerDVD
Print Center Deluxe
Quicken 2002 New User Edition
QuickTime
RealOne Player
Roll
RollerCoaster Tycoon 2
Scrabble
Shockwave
SimCity 2000® CD Collection
Sound Blaster Live!
Spybot - Search & Destroy 1.3
The Sims 2
The Sims Superstar
TweakMASTER
Viewpoint Media Player
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
Wireless-G PCI Adapter
WordPerfect Office 2002
WordPerfect Office 2002
Yahoo! Toolbar
Zoo Tycoon: Complete Collection
  • 0

#9
fredfreeldr

    Member

  • Topic Starter
  • Member
  • 10 posts
Logfile of HijackThis v1.99.1
Scan saved at 1:57:39 AM, on 4/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\TWEAKM~1\TMTray.exe
C:\Program Files\AIM\aim.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Administrator\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: TweakMASTER PRO Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\TWEAKM~1\TweakBHO.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TweakMASTER] C:\PROGRA~1\TWEAKM~1\TMTray.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: HotSync Manager.LNK = C:\Palm\HOTSYNC.EXE
O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O18 - Protocol: bw+0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0
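As an added example (not code from this thread or from HijackThis itself), here is a small Python triage helper for HijackThis 1.99.1 log lines like the ones in the post above: it splits entries by section and pulls out three things a log reviewer checks first, O4 autostarts whose executable is given without a full path, O18 protocol handlers grouped by the DLL they resolve to, and O23 services whose publisher is reported as "Unknown owner". The sample lines are copied from the log above with the long O18 run cut to three entries; the field layout and flagging rules are this example's own reading of the format, not a HijackThis specification.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: lines copied from the HijackThis log posted in this thread, with
# the long O18 run cut to three entries. The header line shows that non-entries are skipped.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O18 - Protocol: bw+0 - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A845BD37-1328-4760-BA2F-DFA7E6A1F64A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>R\d|O\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")

def parse_hjt(text):
    """One record per 'Rn - ...' / 'On - ...' line. 'target' is the file the entry points
    at: the command after [name] for O4, the last ' - ' field for O2/O9/O18/O23."""
    records = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        clsid = CLSID_RE.search(body)
        target = None
        if section == "O4" and "] " in body:
            target = body.split("] ", 1)[1]
        elif section in ("O2", "O9", "O18", "O23"):
            target = body.rsplit(" - ", 1)[-1]
        records.append({"section": section, "body": body, "target": target,
                        "clsid": clsid.group(0).upper() if clsid else None})
    return records

def launched_file(command):
    """The file an O4 command loads: the quoted or first token, or for a RUNDLL32
    line the DLL named after it (without the ',EntryPoint' suffix)."""
    command = command.strip()
    close = command.find('"', 1) if command.startswith('"') else -1
    if close > 0:
        exe, rest = command[1:close], command[close + 1:].strip()
    else:
        exe, _, rest = command.partition(" ")
    if exe.lower().endswith("rundll32.exe") and rest:
        return rest.partition(",")[0].strip().strip('"')
    return exe

def section_counts(records):
    """How many entries of each HijackThis section the log contains."""
    return Counter(r["section"] for r in records)

def unqualified_autostarts(records):
    """O4 Run entries whose executable has no drive-qualified path. Windows resolves those
    through the search path, so the log line alone does not say which file runs."""
    launched = (launched_file(r["target"]) for r in records
                if r["section"] == "O4" and r["target"] is not None)
    return [exe for exe in launched if not DRIVE_PATH_RE.match(exe)]

def protocol_handlers_by_dll(records):
    """Group O18 protocol names by the (CLSID, DLL) they resolve to, so a DLL registered
    under dozens of names (Logitech Desktop Messenger above) is reviewed once, not per line."""
    groups = defaultdict(list)
    for r in records:
        if r["section"] == "O18":
            name = r["body"].split(" - ", 1)[0].replace("Protocol: ", "", 1)
            groups[(r["clsid"], r["target"])].append(name)
    return dict(groups)

def services_with_unknown_owner(records):
    """O23 services whose publisher HijackThis reports as 'Unknown owner': not proof of
    anything, only the services whose binary is worth checking first."""
    found = []
    for r in records:
        fields = r["body"].split(" - ")
        if r["section"] == "O23" and len(fields) >= 3 and fields[1].strip() == "Unknown owner":
            found.append(fields[0].replace("Service: ", "", 1))
    return found

if __name__ == "__main__":
    recs = parse_hjt(SAMPLE_LOG)
    print(dict(section_counts(recs)), unqualified_autostarts(recs),
          protocol_handlers_by_dll(recs), services_with_unknown_owner(recs), sep="\n")
```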

#10
ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
Looks clean from here. How are things running?

ScHwErV :tazz:
  • 0

#11
fredfreeldr

    Member

  • Topic Starter
  • Member
  • 10 posts
When I left on my trip, the Ad-Aware program was still quarantining (actually I shut the machine down in the morning, but Ad-Aware had not finished).

It looks clean, but I think that is because I was effectively able to clean up most of the visible manifestations. I think there are still .dll's or Windows services affected.

That, or problems with the registry. I downloaded Registry Mechanic or some such tool, and it says several entries are set to delete, whatever that means.

Also, I still do not have access to the Users control panel, or the ability to choose a sound card in the Sound control panel. The sound card does not function, but the Device Manager settings say it is fine.

When I get back I think I may try uninstalling the sound card and reinstalling it.

Also, when I install a new program two icons are created on the desktop, but I am not sure that either of them really points to the correct program, because the programs do not start and windows crashes.

Windows crashes every time I click on one of the desktop icons. It seems as if explorer.exe is freezing and not redrawing the screen correctly. If I end-task explorer.exe (early enough), I can start programs through the Task Manager 'run' without too many problems.

Well, that's the latest. Have a great weekend.

And thanks again

-f
  • 0

#12
ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
If Ad-Aware is taking that long to run, we should clean some things up and then run a full Ad-Aware scan in safe mode. PS, I don't need the Ad-Aware logs ;)

Please download and install CleanUp!

http://cleanup.stevengould.org/

Run it and let it delete all the computers temp folders.

Then reboot into safe mode and run adaware with the following settings.
  • Download, install, update, configure, and run Ad-Aware SE Personal 1.05.
    • Download Ad-Aware SE Personal 1.05:
    • Install Ad-Aware SE Personal 1.05:
      • Double-click on aawsepersonal.exe to install the program.
      • Follow the default settings for installation.
      • After the program has finished installing uncheck the "Perform a full system scan now", "Update definition file now", and "Open the help file now" boxes.
    • Update Ad-Aware SE Personal 1.05:
      • Double-click the Ad-Aware SE Personal icon on your desktop.
      • Click "Check for updates now" then click "Connect".
      • It will check for any updates. If any are found click "OK" to download and install the updates. Once it has finished click "Finish".
    • Configure Ad-Aware SE Personal 1.05:
      • Click on the Gear button at the top of the window.
      • Click "General" on the left hand side to display the General Settings box.
        • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:
        • "Automatically save logfile"
        • "Automatically quarantine objects prior to removal"
        • "Safe Mode (always request confirmation)"
        • "Prompt to update outdated definitions" - change to 7 days from the default 14.
    • Click "Scanning" on the left hand side to display the Scan Settings box.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:
      • "Scan within archives"
      • "Select drives & folders to scan" - select your hard drive(s).
      • "Scan active processes"
      • "Scan registry"
      • "Deep-scan registry"
      • "Scan my IE favorites for banned URLs"
      • "Scan my Hosts file"
    • Click "Advanced" on the left hand side to display the Advanced Settings box.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:
      • "Move deleted files to Recycle Bin"
      • "Include additional object information"
      • "Include negligible objects information"
      • "Include environment information"
    • Click "Defaults" on the left hand side to display the Default Settings box.
      • Make sure these items have your preferred settings in them.:
      • "Default homepage"
      • "Default searchpage"
    • Click "Tweak" on the left hand side to display the Tweak Settings box.
      • Click the + (plus) sign next to the Log Files section. This will expand the section.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:
        • "Include basic Ad-Aware settings in log file"
        • "Include additional Ad-Aware settings in log file"
        • "Include reference summary in log file"
        • "Include alternate data stream details in log file"
      • Click the + (plus) sign next to the Scanning Engine section. This will expand the section.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:
        • "Unload recognized processes & modules during scan"
        • "Scan registry for all users instead of current user only"
        • "Obtain command line of scanned processes"
      • Click the + (plus) sign next to the Cleaning Engine section. This will expand the section.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:
        • "Always try to unload modules before deletion"
        • "During removal, unload Explorer and IE if necessary"
        • "Let Windows remove files in use at next reboot"
        • "Delete quarantined objects after restoring"
    • Once you are done with these settings, click "Proceed" to save them.
    • This will take you back to the main screen.
  • Run Ad-Aware SE Personal 1.05:
    • Click the "Start" button.
    • Uncheck the "Search for negligible risk entries" entry.
    • Choose the "Use custom scanning options" scan mode.
    • Click the "Next" button.
    • Ad-Aware will begin to scan for malware residing on your computer.
    • Allow the scan to finish.
    • Right-click on any entry in the list and click "Select All" to select the whole list.
    • Click "Next" and choose "OK" at the prompt to quarantine and remove the objects.
ScHwErV :tazz:
  • 0

#13
fredfreeldr

    Member

  • Topic Starter
  • Member
  • 10 posts
Okay, so I have tried to run Ad-Aware several times, and it still freezes. It instantly pops up "quarantining" and then sits there. I have let it sit for hours. Perhaps it needs more time?

It detects Cool Web Search, Alexa, CometSystems, and TIB Browser.

Are there alternative ways to remove these, or should I just fold my cards, and wipe and reload?

Thanks again.

Oh, I did run CleanUp! and I ran Ad-Aware in safe mode.
  • 0

#14
ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
Since your HijackThis log is clean, I am going to refer you over to the Lavasoft support forum. One of the highly knowledgeable folks over there should reply to you shortly. I am going to move this thread over there ;)

ScHwErV :tazz:
  • 0

#15
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Hello fredfreeldr and ScHwErV!
Fredfreeldr, some suggestions from here should help you out.
Just follow the instructions.
Post back. ;)

- Rawe :tazz:
  • 0





