
no desktop or startbar, hjt log... [RESOLVED]


  • This topic is locked

#1
shibby_srd

My computer froze and I was unable to use the task mgr to shut down so I turned it off manually. Now when it starts up there is no start menu, system tray or icons. I was unable to do a system restore even in safe mode. I do not have an XP disk. I also cannot get into recovery mode because I cannot remember my admin password. I cannot use ewido because I have already used the 14 day trial. I was also unable to install housecall. Am I out of luck? Here is a hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:43:50 AM, on 8/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\Restore\srdiag.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {45F6ACBD-7DB5-4021-8E03-09370480686F} - C:\WINDOWS\system32\hbedhdb.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [exp] C:\WINDOWS\system32\exp
O4 - HKLM\..\Run: [vs2T3tR] rdbund.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\se.dll,DllInstall
O4 - HKLM\..\RunOnce: [ATIPRB] C:\Program Files\ATI Technologies\ATI Control Panel\atiprbxx.exe /g
O4 - HKLM\..\RunOnce: [*Restore] C:\WINDOWS\system32\restore\rstrui.exe -i
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] C:\PROGRA~1\PANICW~1\POP-UP~2\PopUpStopperProfessional.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ncnk.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: cpcScanner - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab34120.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay10...es/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123732435562
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/...ol.cab36107.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab35645.cab
O18 - Filter: text/html - {A29E8EDC-E4FA-46E7-88EB-924B76658815} - C:\WINDOWS\system32\hbedhdb.dll
O18 - Filter: text/plain - {A29E8EDC-E4FA-46E7-88EB-924B76658815} - C:\WINDOWS\system32\hbedhdb.dll
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\Ibetwh32.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

:tazz:
  • 0
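A small triage pass over HijackThis entries of the kind posted above, as an added example that is not part of the original thread and is not how HijackThis or the helper reaches a verdict. The sample lines are copied from the log in the first post; the four review heuristics (Temp-directory paths, "(file missing)", autoruns without a path, a Shell= value other than Explorer.exe) are assumptions of this example and only mark entries for a human to look at.

```python
import re
from typing import Iterator, List, NamedTuple, Tuple


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    reason: str   # why the entry deserves a closer look
    body: str     # entry text after "<code> - "


ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
TEMP_RE = re.compile(r"\\temp\\", re.I)  # any path component named Temp
SHELL_RE = re.compile(r"\bShell=(.*)$", re.I)
# O4 registry form: HKLM\..\Run: [value name] command line
O4_REG_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\\w+: \[[^\]]*\] (.*)$")
# O4 startup-folder form: Global Startup: file   (or  file.lnk = target)
O4_DIR_RE = re.compile(r"^(?:Global )?Startup: (.*)$")

# Review reasons (heuristics assumed by this example, not HijackThis verdicts)
TEMP = "references a file in a Temp directory"
MISSING = "registered file is missing"
NO_PATH = "autorun command has no path"
SHELL = "Winlogon shell is not Explorer.exe"

# Lines copied from the log in the first post of this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\explorer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll/sp.html
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {45F6ACBD-7DB5-4021-8E03-09370480686F} - C:\WINDOWS\system32\hbedhdb.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vs2T3tR] rdbund.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\se.dll,DllInstall
O4 - Global Startup: ncnk.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
"""


def parse_entries(log_text: str) -> Iterator[Tuple[str, str]]:
    """Yield (section, body) for each 'XX - ...' line.

    The header and the running-process list do not match and are skipped.
    """
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def reasons_for(section: str, body: str) -> List[str]:
    """Return every review reason that applies to one entry."""
    reasons = []
    if TEMP_RE.search(body):
        reasons.append(TEMP)
    if body.endswith("(file missing)"):
        reasons.append(MISSING)
    if section == "O4":
        m = O4_REG_RE.match(body) or O4_DIR_RE.match(body)
        # A command with no backslash is resolved through the search path,
        # so the log alone does not say which file actually runs.
        if m and "\\" not in m.group(1):
            reasons.append(NO_PATH)
    if section.startswith("F"):
        m = SHELL_RE.search(body)
        if m and m.group(1).strip().lower() != "explorer.exe":
            reasons.append(SHELL)
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Parse a HijackThis log and list the entries worth reviewing."""
    return [
        Finding(section, reason, body)
        for section, body in parse_entries(log_text)
        for reason in reasons_for(section, body)
    ]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.reason:<40}{f.body}")
```

Entries such as a vendor autorun registered by bare filename will also be listed; the output is a shortlist for review, not a removal list.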



#2
Snickets

Hello shibby_srd,

Welcome to GeekstoGo, my name is Snickets and I will be helping you today!!!

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

This will likely be a few step process in removing the malware that has infected your system. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

You have a nasty CoolWebSearch infection. First we will need to download a few tools that will help us in the removal of your problem.

Download about:buster by RubbeRDuckY Here.
Download CWShredder Here.
Download SpSeHjfix Here.
Download and install CleanUp! Here

Save all of these files somewhere you will remember, like the Desktop.

Unzip SpSeHjfix to its own folder (i.e. c:\SpSeHjfix).

Run the CleanUp! installer. You don't need to do anything with it right now.

Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster
Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please run about:buster by RubbeRDuckY:
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again
Run about:buster again following the same instructions as above, this time without the restart at the end.

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Now run SpSeHjfix. A log will be saved in the same folder that you put the exe into. Please post the results of that log in your next reply.

Now run CleanUp!. Click CleanUp and allow it to delete all the temporary files. Reboot your computer into normal windows.

Please run an on-line virus scan at Kaspersky OnLine Scan or if that doesn't work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

After all that, please post back with how things went as well as the logs requested and a new HiJackThis log.

Thank you,

Snickets

:tazz:
  • 0

#3
shibby_srd

I have downloaded these programs but am unable to check for updates. Should I run the scans anyway?
  • 0

#4
Snickets

Hello shibby_srd,

Can you get into Safe mode with Networking?

If so please let me know if you are able to update while in this mode.

You will be able to log into this site while in safe mode with networking.

Thank you,

Snickets

:tazz:
  • 0

#5
shibby_srd

Yes, I was able to update in safe mode w/ networking. I will continue on to your other instructions now.
  • 0

#6
Snickets

Hello shibby_srd,

Sounds good, please follow the instructions carefully and then post a fresh log from normal mode when you have completed the steps.

Thank you,

Snickets

:tazz:
  • 0

#7
shibby_srd

I have run all the scans. Still no desktop, yadda yadda... By the way I currently have no antivirus on my computer. Here are the logs you asked for;
aboutbuster;
AboutBuster 5.0 reference file 31
Scan started on [8/23/2005] at [7:11:21 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 7:12:01 PM


AboutBuster 5.0 reference file 31
Scan started on [8/23/2005] at [7:25:45 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 7:26:30 PM


SPSeHjfix;
(8/23/05 7:31:28 PM) SPSeHjFix started v1.1.2
(8/23/05 7:31:28 PM) OS: WinXP Service Pack 2 (5.1.2600)
(8/23/05 7:31:28 PM) Language: english
(8/23/05 7:31:28 PM) Win-Path: C:\WINDOWS
(8/23/05 7:31:28 PM) System-Path: C:\WINDOWS\system32
(8/23/05 7:31:28 PM) Temp-Path: C:\DOCUME~1\Owner\LOCALS~1\Temp\
(8/23/05 7:32:23 PM) Disinfection started
(8/23/05 7:32:23 PM) Bad-Dll(IEP): (not found)
(8/23/05 7:32:23 PM) Bad-Dll(IEP) in BHO: (not found)
(8/23/05 7:32:23 PM) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINDOWS\system32\hbedhdb.dll
(8/23/05 7:32:23 PM) Searchassistant Uninstaller - Keys Deleted
(8/23/05 7:32:23 PM) UBF: 7 - UBB: 0 - UBR: 42
(8/23/05 7:32:23 PM) UBF: 7 - UBB: 0 - UBR: 42
(8/23/05 7:32:23 PM) Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 C:\WINDOWS\TEMP\se.dll,DllInstall (deleted)
(8/23/05 7:32:23 PM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, August 23, 2005 23:48:59
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 24/08/2005
Kaspersky Anti-Virus database records: 136722
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 127152
Number of viruses found: 76
Number of infected objects: 1902
Number of suspicious objects: 0
Duration of the scan process: 8111 sec

Infected Object Name - Virus Name
C:\Program Files\Norton AntiVirus\Quarantine\5E1F7F2D.bin Infected: Trojan.Win32.StartPage.vr
C:\Program Files\Norton AntiVirus\Quarantine\5E22292A.dll Infected: Trojan.Win32.StartPage.vr
C:\Program Files\Norton AntiVirus\Quarantine\5E4D3131.tmp Infected: Trojan-Downloader.Win32.Apropo.ah
C:\Program Files\Norton AntiVirus\Quarantine\5EB32738.tmp Infected: Trojan-Downloader.Win32.Apropo.g
C:\Program Files\Norton AntiVirus\Quarantine\5F04724D.tmp Infected: Trojan.Win32.StartPage.uz
C:\Program Files\Norton AntiVirus\Quarantine\5F1A1D40.tmp Infected: Trojan-Downloader.Win32.Apropo.u
C:\Program Files\Norton AntiVirus\Quarantine\5F88702F.bin Infected: Trojan.Win32.StartPage.vr
C:\Program Files\Norton AntiVirus\Quarantine\5F88702F.dll Infected: Trojan.Win32.StartPage.vr
C:\Program Files\Norton AntiVirus\Quarantine\5FC95AC3.tmp Infected: Trojan.Win32.StartPage.uz
C:\Program Files\Norton AntiVirus\Quarantine\5FEE430D.tmp Infected: Trojan.Win32.StartPage.uz
C:\Program Files\Norton AntiVirus\Quarantine\602139DD.000 Infected: Trojan.Win32.StartPage.vr
C:\Program Files\Norton AntiVirus\Quarantine\61D63C5B.tmp Infected: Trojan.Java.ClassLoader.z
C:\Program Files\Norton AntiVirus\Quarantine\624A001B.tmp Infected: Trojan.Win32.StartPage.uz
C:\Program Files\Norton AntiVirus\Quarantine\62EB715D.bin Infected: Trojan.Win32.StartPage.vr
C:\Program Files\Norton AntiVirus\Quarantine\62EB715D.dll Infected: Trojan.Win32.StartPage.vr
C:\Program Files\Norton AntiVirus\Quarantine\63143D7C.tmp Infected: Trojan.Win32.StartPage.uz
C:\Program Files\Norton AntiVirus\Quarantine\63391CAA.tmp Infected: Trojan.Win32.StartPage.uz
C:\Program Files\Norton AntiVirus\Quarantine\651C1940.bin Infected: Trojan.Win32.StartPage.vr
C:\Program Files\Norton AntiVirus\Quarantine\6520433C.dll Infected: Trojan.Win32.StartPage.vr
C:\Program Files\Norton AntiVirus\Quarantine\65262B3A.bin Infected: Trojan.Win32.StartPage.vr
C:\Program Files\Norton AntiVirus\Quarantine\652A5536.dll Infected: Trojan.Win32.StartPage.vr
C:\Program Files\Norton AntiVirus\Quarantine\654A38B4.000 Infected: Trojan.Win32.StartPage.vr
C:\Program Files\Norton AntiVirus\Quarantine\659846DA.000 Infected: Trojan.Win32.StartPage.uz
C:\Program Files\Norton AntiVirus\Quarantine\659846DA.001 Infected: Trojan.Win32.StartPage.uz
C:\Program Files\Norton AntiVirus\Quarantine\659C70D6.000 Infected: Trojan.Win32.StartPage.vr
C:\Program Files\Norton AntiVirus\Quarantine\659F1AD2.000 Infected: Trojan.Win32.StartPage.vr
C:\Program Files\Norton AntiVirus\Quarantine\659F1AD2.001 Infected: Trojan.Win32.StartPage.uz
C:\Program Files\Norton AntiVirus\Quarantine\66E1627C.tmp Infected: Trojan-Downloader.Win32.Apropo.g
C:\Program Files\Norton AntiVirus\Quarantine\66F146AE.tmp Infected: Trojan.Win32.StartPage.uz
C:\Program Files\Norton AntiVirus\Quarantine\67CB17F7.tmp Infected: Trojan.Win32.StartPage.uz
C:\Program Files\Norton AntiVirus\Quarantine\69110120.tmp Infected: Trojan-Downloader.Win32.Dyfuca.gen
C:\Program Files\Norton AntiVirus\Quarantine\694A2566.tmp Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\69BD174D.000 Infected: Trojan.Win32.StartPage.uz
C:\Program Files\Norton AntiVirus\Quarantine\69BD174D.001 Infected: Trojan.Win32.StartPage.uz
C:\Program Files\Norton AntiVirus\Quarantine\69DD77EE.tmp Infected: Trojan.Win32.StartPage.uz
C:\Program Files\Norton AntiVirus\Quarantine\69E626EE.tmp Infected: Trojan.Win32.StartPage.uz
C:\Program Files\Norton AntiVirus\Quarantine\6A294E07.tmp Infected: Trojan-Downloader.Win32.Small.amq
C:\Program Files\Norton AntiVirus\Quarantine\6A364B01.tmp Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\6A446337.tmp Infected: Trojan-Downloader.Win32.Apropo.g
C:\Program Files\Norton AntiVirus\Quarantine\6A4805FE.000 Infected: Trojan.Win32.StartPage.uz
C:\Program Files\Norton AntiVirus\Quarantine\6A4805FE.001 Infected: Trojan.Win32.StartPage.uz
C:\Program Files\Norton AntiVirus\Quarantine\6AAA593E.tmp Infected: Trojan-Downloader.Win32.Apropo.u
C:\Program Files\Norton AntiVirus\Quarantine\6AB312FD.tmp Infected: Trojan.Win32.StartPage.uz
C:\Program Files\Norton AntiVirus\Quarantine\6B104F46.tmp Infected: Trojan-Clicker.Win32.Small.ez
C:\Program Files\Norton AntiVirus\Quarantine\6B190905.tmp Infected: Trojan.Win32.StartPage.uz
C:\Program Files\Norton AntiVirus\Quarantine\6B7F7F0C.tmp Infected: Trojan.Win32.StartPage.uz
C:\Program Files\Norton AntiVirus\Quarantine\6BCC7E7C.dll Infected: Trojan.Win32.StartPage.yi
C:\Program Files\Norton AntiVirus\Quarantine\6BCF2878.d4B Infected: Trojan.Win32.StartPage.uz
C:\Program Files\Norton AntiVirus\Quarantine\6DC677C6.tmp Infected: Trojan.Win32.StartPage.uz
C:\Program Files\Norton AntiVirus\Quarantine\6F311496.tmp Infected: Trojan.Win32.StartPage.uz
C:\Program Files\Norton AntiVirus\Quarantine\6FAC5276.tmp Infected: Trojan.Win32.StartPage.uz
C:\Program Files\Norton AntiVirus\Quarantine\6FE65715.exe Infected: Trojan-Dropper.Win32.Agent.pb
C:\Program Files\Norton AntiVirus\Quarantine\6FE90112.com Infected: Trojan-Dropper.Win32.Agent.pb
C:\Program Files\Norton AntiVirus\Quarantine\6FE90112.exe Infected: Trojan-Dropper.Win32.Agent.pb
C:\Program Files\Norton AntiVirus\Quarantine\6FE90112.tmp Infected: Trojan-Clicker.Win32.Small.ez
C:\Program Files\Norton AntiVirus\Quarantine\6FF0550B.tmp Infected: Trojan-Downloader.Win32.Small.abd
C:\Program Files\Norton AntiVirus\Quarantine\70807174.tmp Infected: Trojan.Win32.StartPage.uz
C:\Program Files\Norton AntiVirus\Quarantine\71BA5760.tmp Infected: Trojan-Dropper.Win32.Agent.pb
C:\Program Files\Norton AntiVirus\Quarantine\71BD015C.tmp Infected: Trojan-Clicker.Win32.Small.ez
C:\Program Files\Norton AntiVirus\Quarantine\71C12B59.tmp Infected: Trojan-Downloader.Win32.Small.asf
C:\Program Files\Norton AntiVirus\Quarantine\71C45555.tmp Infected: Trojan-Downloader.Win32.Qoologic.n
C:\Program Files\Norton AntiVirus\Quarantine\71D17D47.tmp Infected: Trojan-Downloader.Win32.Braidupdate.d
C:\Program Files\Norton AntiVirus\Quarantine\71DE2538.tmp Infected: Trojan-Downloader.Win32.Qoologic.n
C:\Program Files\Norton AntiVirus\Quarantine\728338C0.bin Infected: Trojan.Win32.StartPage.vr
C:\Program Files\Norton AntiVirus\Quarantine\728338C0.dll Infected: Trojan.Win32.StartPage.vr
C:\Program Files\Norton AntiVirus\Quarantine\72BB2E8C.tmp Infected: Trojan.Win32.StartPage.uz
C:\Program Files\Norton AntiVirus\Quarantine\7306353C.bin Infected: Trojan.Win32.StartPage.vr
C:\Program Files\Norton AntiVirus\Quarantine\7306353C.dll Infected: Trojan.Win32.StartPage.vr
C:\Program Files\Norton AntiVirus\Quarantine\74662A33.tmp Infected: Trojan.Win32.StartPage.uz
C:\Program Files\Norton AntiVirus\Quarantine\756E2A94.tmp Infected: Trojan.Win32.StartPage.uz
C:\Program Files\Norton AntiVirus\Quarantine\75DD58F4.tmp Infected: Trojan.Win32.StartPage.uz
C:\Program Files\Norton AntiVirus\Quarantine\75E60BDD.000 Infected: Trojan.Win32.StartPage.uz
C:\Program Files\Norton AntiVirus\Quarantine\76A94503.tmp Infected: Trojan.Win32.StartPage.uz
C:\Program Files\Norton AntiVirus\Quarantine\770F3B0B.tmp Infected: Trojan.Win32.StartPage.uz
C:\Program Files\Norton AntiVirus\Quarantine\77742511.tmp Infected: Trojan.Win32.StartPage.uz
C:\Program Files\Norton AntiVirus\Quarantine\77CE6C0B.bin Infected: Trojan.Win32.StartPage.vr
C:\Program Files\Norton AntiVirus\Quarantine\77CE6C0B.dll Infected: Trojan.Win32.StartPage.vr
C:\Program Files\Norton AntiVirus\Quarantine\79C16B20.000 Infected: Trojan-Downloader.Win32.PurityScan.af
C:\Program Files\Norton AntiVirus\Quarantine\79C4151D.000 Infected: Trojan-Downloader.Win32.PurityScan.af
C:\Program Files\Norton AntiVirus\Quarantine\79C73F19.000 Infected: Trojan-Downloader.Win32.PurityScan.af
C:\Program Files\Norton AntiVirus\Quarantine\79CA6916.000 Infected: Trojan-Downloader.Win32.PurityScan.af
C:\Program Files\Norton AntiVirus\Quarantine\79CB7BE0.tmp Infected: Trojan-Downloader.Win32.Apropo.ah
C:\Program Files\Norton AntiVirus\Quarantine\79CE1312.000 Infected: Trojan-Downloader.Win32.PurityScan.af
C:\Program Files\Norton AntiVirus\Quarantine\79CE1312.exe Infected: Trojan-Downloader.Win32.PurityScan.af
C:\Program Files\Norton AntiVirus\Quarantine\79D4670B.exe Infected: Trojan-Dropper.Win32.Agent.pb
C:\Program Files\Norton AntiVirus\Quarantine\79DB3B04.tmp Infected: Trojan-Clicker.Win32.Small.ez
C:\Program Files\Norton AntiVirus\Quarantine\79F260EB.exe Infected: Trojan-Downloader.Win32.Apropo.u
C:\Program Files\Norton AntiVirus\Quarantine\79F50AE7.tmp Infected: Trojan-Downloader.Win32.Apropo.u
C:\Program Files\Norton AntiVirus\Quarantine\79F834E3.tmp Infected: Trojan-Downloader.Win32.Apropo.u
C:\Program Files\Norton AntiVirus\Quarantine\79FB5EE0.tmp Infected: Trojan-Downloader.Win32.Apropo.u
C:\Program Files\Norton AntiVirus\Quarantine\79FF08DC.tmp Infected: Trojan-Downloader.Win32.Apropo.u
C:\Program Files\Norton AntiVirus\Quarantine\7A0232D9.tmp Infected: Trojan-Downloader.Win32.Apropo.u
C:\Program Files\Norton AntiVirus\Quarantine\7A055CD5.tmp Infected: Trojan-Downloader.Win32.Apropo.u
C:\Program Files\Norton AntiVirus\Quarantine\7A1204C7.tmp Infected: Trojan-Downloader.Win32.Apropo.g
C:\Program Files\Norton AntiVirus\Quarantine\7A162EC3.tmp Infected: Trojan-Downloader.Win32.Apropo.g
C:\Program Files\Norton AntiVirus\Quarantine\7A1958BF.tmp Infected: Trojan-Downloader.Win32.Apropo.g
C:\Program Files\Norton AntiVirus\Quarantine\7A1C02BC.tmp Infected: Trojan-Downloader.Win32.Apropo.g
C:\Program Files\Norton AntiVirus\Quarantine\7A1F2CB8.tmp Infected: Trojan-Downloader.Win32.Apropo.g
C:\Program Files\Norton AntiVirus\Quarantine\7A2356B5.tmp Infected: Trojan-Downloader.Win32.Apropo.g
C:\Program Files\Norton AntiVirus\Quarantine\7A2600B1.tmp Infected: Trojan-Downloader.Win32.Apropo.g
C:\Program Files\Norton AntiVirus\Quarantine\7A292AAD.exe/data0000.bin Infected: Trojan-Downloader.Win32.Apropo.g
C:\Program Files\Norton AntiVirus\Quarantine\7A292AAD.exe/data0002.bin Infected: Trojan-Downloader.Win32.Apropo.u
C:\Program Files\Norton AntiVirus\Quarantine\7A292AAD.exe Infected: Trojan-Downloader.Win32.Apropo.u
C:\Program Files\Norton AntiVirus\Quarantine\7A2C54AA.exe Infected: Trojan-Downloader.Win32.Qoologic.n
C:\Program Files\Norton AntiVirus\Quarantine\7A3A7C9B.cpl Infected: Trojan-Downloader.Win32.Qoologic.p
C:\Program Files\Norton AntiVirus\Quarantine\7A3D2698.tmp Infected: Trojan-Downloader.Win32.Apropo.ag
C:\Program Files\Norton AntiVirus\Quarantine\7A405094.tmp Infected: Trojan-Downloader.Win32.Apropo.ah
C:\Program Files\Norton AntiVirus\Quarantine\7A437A91.tmp Infected: Trojan-Downloader.Win32.Apropo.ah
C:\Program Files\Norton AntiVirus\Quarantine\7A487716.bin Infected: Trojan.Win32.StartPage.vr
C:\Program Files\Norton AntiVirus\Quarantine\7A4A4E89.tmp Infected: Trojan-Downloader.Win32.Apropo.ag
C:\Program Files\Norton AntiVirus\Quarantine\7A4B2112.dll Infected: Trojan.Win32.StartPage.vr
C:\Program Files\Norton AntiVirus\Quarantine\7A502282.tmp Infected: Trojan-Downloader.Win32.Apropo.ag
C:\Program Files\Norton AntiVirus\Quarantine\7A544C7F.tmp Infected: Trojan-Downloader.Win32.Apropo.ag
C:\Program Files\Norton AntiVirus\Quarantine\7A57767B.tmp Infected: Trojan-Downloader.Win32.Apropo.ag
C:\Program Files\Norton AntiVirus\Quarantine\7A5A2078.dll Infected: Trojan-Downloader.Win32.Qoologic.p
C:\Program Files\Norton AntiVirus\Quarantine\7A5A2078.tmp Infected: Trojan-Downloader.Win32.Apropo.ag
C:\Program Files\Norton AntiVirus\Quarantine\7A617470 Infected: Trojan.Win32.Agent.db
C:\Program Files\Norton AntiVirus\Quarantine\7A617470.tmp Infected: Trojan.Win32.Agent.db
C:\Program Files\Norton AntiVirus\Quarantine\7A674869.exe Infected: Trojan-Downloader.Win32.Small.bgl
C:\Program Files\Norton AntiVirus\Quarantine\7A6A7266 Infected: Trojan-Downloader.Win32.Small.abd
C:\Program Files\Norton AntiVirus\Quarantine\7A6E1C62.exe Infected: Trojan-Downloader.Win32.Qoologic.o
C:\Program Files\Norton AntiVirus\Quarantine\7A8E403E.exe Infected: Trojan-Downloader.Win32.Qoologic.n
C:\Program Files\Norton AntiVirus\Quarantine\7A9B6830.tmp Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\Program Files\Norton AntiVirus\Quarantine\7A9F122C.dat Infected: Trojan-Downloader.Win32.Qoologic.n
C:\Program Files\Norton AntiVirus\Quarantine\7AA56625.tmp Infected: Trojan-Downloader.Win32.Qoologic.p
C:\Program Files\Norton AntiVirus\Quarantine\7AB20E16.exe Infected: Trojan-Downloader.Win32.Delmed.a
C:\Program Files\Norton AntiVirus\Quarantine\7ABC0C0C Infected: Trojan-Downloader.Win32.Qoologic.v
C:\Program Files\Norton AntiVirus\Quarantine\7ACC5DFA.tmp Infected: Trojan-Downloader.Win32.Qoologic.p
C:\Program Files\Norton AntiVirus\Quarantine\7AE303E1.tmp Infected: Trojan-Downloader.Win32.Small.abd
C:\Program Files\Norton AntiVirus\Quarantine\7AEA57D9.exe Infected: Trojan-Downloader.Win32.PurityScan.af
C:\Program Files\Norton AntiVirus\Quarantine\7AF02BD2.tmp Infected: Trojan-Downloader.Win32.Intexp.c
C:\Program Files\Norton AntiVirus\Quarantine\7B1801BE.tmp Infected: Trojan.Win32.StartPage.uz
C:\Program Files\Norton AntiVirus\Quarantine\7C8E7C90.tmp Infected: Trojan.Win32.StartPage.uz
C:\Program Files\Norton AntiVirus\Quarantine\7F660D0E.tmp Infected: Trojan-Downloader.Win32.Small.abd
C:\Program Files\Norton AntiVirus\Quarantine\7FCC0316.exe Infected: Trojan-Spy.Win32.VB.eh
C:\Program Files\Spyware Nuker 2004\backup\200410081522.zip/sp.html.000 Infected: Trojan.JS.StartPage.u
C:\Program Files\Spyware Nuker 2004\backup\200410081522.zip Infected: Trojan.JS.StartPage.u
C:\Program Files\Spyware Nuker 2004\backup\200410281625.zip/sp.html.000 Infected: Trojan.JS.StartPage.u
C:\Program Files\Spyware Nuker 2004\backup\200410281625.zip Infected: Trojan.JS.StartPage.u
C:\Program Files\Spyware Nuker 2004\backup\20050412

#8
shibby_srd

  • Topic Starter
I think my post was too long and didn't all get posted, so here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 11:38:29 AM, on 8/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Desktop\removal equipment\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
F2 - REG:system.ini: Shell=
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [exp] C:\WINDOWS\system32\exp
O4 - HKLM\..\Run: [vs2T3tR] rdbund.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\ldlgdd.exe reg_run
O4 - HKLM\..\RunOnce: [ATIPRB] C:\Program Files\ATI Technologies\ATI Control Panel\atiprbxx.exe /g
O4 - HKLM\..\RunOnce: [*Restore] C:\WINDOWS\system32\restore\rstrui.exe -i
O4 - HKLM\..\RunOnce: [sphjfix] C:\DOCUME~1\Owner\Desktop\REMOVA~1\SPSEHJ~1\SPSEHJ~1.EXE
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] C:\PROGRA~1\PANICW~1\POP-UP~2\PopUpStopperProfessional.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: cpcScanner - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab34120.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay10...es/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123732435562
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/...ol.cab36107.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab35645.cab
O18 - Protocol: bw+0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#9
Snickets


    Visiting Staff

  • Member
  • 425 posts
Hello shibby_srd,

Please Download the following tools to assist us in removing this infection!
  • Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Don't do anything with it yet!
  • Download Track qoo
    • Save it somewhere you will remember like the Desktop
Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Double-click WinPFind.exe
  • Click "Start Scan"
  • It will scan the entire System, so please be patient!
  • Once the Scan is Complete
  • Go to the WinPFind folder
  • Locate WinPFind.txt
  • Place those results in the next post!
Reboot back to Normal Mode!

Double Click on "Track qoo.vbs"

Note - If your Antivirus has Script Blocking, you will get a Pop Up Window asking you what to do. Allow this Entire Script to Run, it's harmless!

Wait a few seconds and a notepad page will pop up, Copy & Paste those results and place them in the next post along with the results of WinPFind!

Thank you,

Snickets


#10
shibby_srd


    Member

  • Topic Starter
  • Member
  • 16 posts
K. Did that. Here's those logs.
winpfind scan;
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
SAHAgent 8/11/2005 12:31:06 PM 1401 C:\log.txt
UPX! 6/19/2004 6:28:08 PM 26953157 C:\NAV10ESD.exe

Checking %ProgramFilesDir% folder...
UPX! 9/1/2004 9:08:50 PM 434607 C:\Program Files\xvid_install.exe

Checking %WinDir% folder...
UPX! 9/25/2003 4:20:04 AM 43391 C:\WINDOWS\browser.exe
web-nex 8/12/2005 12:29:14 AM 4162 C:\WINDOWS\jvjok.dll
PEC2 8/18/2005 12:55:00 PM 11264 C:\WINDOWS\proxy_inst.exe
PECompact2 8/18/2005 12:55:00 PM 11264 C:\WINDOWS\proxy_inst.exe
UPX! 5/3/2005 11:44:44 AM 25157 C:\WINDOWS\RMAgentOutput.dll

Checking %System% folder...
69.59.186.63 8/18/2005 9:03:42 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
209.66.67.134 8/18/2005 9:03:42 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
66.63.167.97 8/18/2005 9:03:42 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
66.63.167.77 8/18/2005 9:03:42 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
web-nex 8/18/2005 9:03:42 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
winsync 8/18/2005 9:03:42 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
rec2_run 8/18/2005 9:03:42 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
PEC2 8/29/2002 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 8/20/2004 4:56:24 PM 59914 C:\WINDOWS\SYSTEM32\igfxhcsy.lhp
69.59.186.63 8/21/2005 6:14:54 PM 10240 C:\WINDOWS\SYSTEM32\jkjnb.dll
209.66.67.134 8/21/2005 6:14:54 PM 10240 C:\WINDOWS\SYSTEM32\jkjnb.dll
web-nex 8/21/2005 6:14:54 PM 10240 C:\WINDOWS\SYSTEM32\jkjnb.dll
winsync 8/21/2005 6:14:54 PM 10240 C:\WINDOWS\SYSTEM32\jkjnb.dll
PTech 8/3/2005 10:33:42 AM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 8/4/2005 8:31:38 PM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2005 8:31:38 PM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 12:56:38 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 12:56:46 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
KavSvc 8/4/2005 7:37:00 AM 34816 C:\WINDOWS\SYSTEM32\rcrpuue.dll
69.59.186.63 8/4/2005 7:37:00 AM 34816 C:\WINDOWS\SYSTEM32\rcrpuue.dll
209.66.67.134 8/4/2005 7:37:00 AM 34816 C:\WINDOWS\SYSTEM32\rcrpuue.dll
testpopup 8/4/2005 7:37:00 AM 34816 C:\WINDOWS\SYSTEM32\rcrpuue.dll
web-nex 8/4/2005 7:37:00 AM 34816 C:\WINDOWS\SYSTEM32\rcrpuue.dll
yourkey 8/4/2005 7:37:00 AM 34816 C:\WINDOWS\SYSTEM32\rcrpuue.dll
69.59.186.63 8/24/2005 9:16:28 AM 46080 C:\WINDOWS\SYSTEM32\sdsjggd.dll
209.66.67.134 8/24/2005 9:16:28 AM 46080 C:\WINDOWS\SYSTEM32\sdsjggd.dll
web-nex 8/24/2005 9:16:28 AM 46080 C:\WINDOWS\SYSTEM32\sdsjggd.dll
winsync 8/24/2005 9:16:28 AM 46080 C:\WINDOWS\SYSTEM32\sdsjggd.dll
winsync 8/29/2002 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 8/3/2004 10:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
8/24/2005 3:33:52 PM S 2048 C:\WINDOWS\bootstat.dat
8/21/2005 11:54:34 PM H 54156 C:\WINDOWS\QTFont.qfn
7/24/2005 6:12:22 PM HS 32 C:\WINDOWS\{F168D394-AFD1-4406-A0B7-D9572B2CBB05}.dat
8/11/2005 12:22:14 PM H 0 C:\WINDOWS\inf\oem95.inf
8/23/2005 7:54:06 PM H 0 C:\WINDOWS\LastGood\INF\oem96.inf
8/23/2005 7:54:06 PM H 0 C:\WINDOWS\LastGood\INF\oem96.PNF
7/24/2005 6:12:22 PM HS 32 C:\WINDOWS\system32\{BCECB9A8-AA7A-45CA-AE35-342F3554BCE2}.dat
7/8/2005 4:23:18 PM S 12143 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB893756.cat
6/30/2005 9:06:34 AM S 11437 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896423.cat
7/19/2005 7:18:10 PM S 18913 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896727.cat
6/30/2005 1:42:18 PM S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899587.cat
6/30/2005 2:21:10 PM S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899588.cat
6/30/2005 8:46:18 AM S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899591.cat
6/28/2005 7:12:56 PM S 11845 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB901214.cat
7/2/2005 3:18:16 AM S 9445 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB903235.cat
8/24/2005 3:33:40 PM H 8192 C:\WINDOWS\system32\config\default.LOG
8/24/2005 3:34:48 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
8/24/2005 3:33:56 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
8/24/2005 3:34:50 PM H 81920 C:\WINDOWS\system32\config\software.LOG
8/24/2005 3:33:54 PM H 1130496 C:\WINDOWS\system32\config\system.LOG
8/11/2005 11:43:10 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
8/10/2005 8:06:10 PM S 8101 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\486CC6AFD08942336C61FCD401C4A1D1
8/16/2005 7:32:14 AM S 688 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
8/16/2005 9:25:58 AM S 14760 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\6C68A73125F3238F044A8115D96841B6
8/10/2005 8:06:10 PM S 408 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\74BFD122C0875EC75DBE5C6DB4C59019
8/16/2005 7:32:14 AM S 17489 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30
8/23/2005 7:51:14 AM S 7652 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E891C648621A40AC7F773694A17FE76C
7/24/2005 7:03:12 PM S 70191 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\F482C95F83F1B59228F1B1E720F2EDF1
8/10/2005 8:06:10 PM S 120 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\486CC6AFD08942336C61FCD401C4A1D1
8/16/2005 7:32:14 AM S 94 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
8/16/2005 9:25:58 AM S 132 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\6C68A73125F3238F044A8115D96841B6
8/10/2005 8:06:10 PM S 124 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\74BFD122C0875EC75DBE5C6DB4C59019
8/16/2005 7:32:14 AM S 124 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30
8/23/2005 7:51:14 AM S 134 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E891C648621A40AC7F773694A17FE76C
7/24/2005 7:03:12 PM S 128 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\F482C95F83F1B59228F1B1E720F2EDF1
7/18/2005 10:37:08 PM HS 1060 C:\WINDOWS\system32\config\systemprofile\Application Data\UPLOCKS\194F13D1
8/22/2005 8:32:28 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\bbb73c00-4a64-4adc-a405-b14171ce3eab
8/22/2005 8:32:28 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
8/16/2005 9:05:02 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\d6be2b3b-3974-4b52-ba60-34df77a4ea6d
8/16/2005 9:05:02 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
8/24/2005 3:00:02 PM H 304 C:\WINDOWS\Tasks\A20FB6DE9184295A.job
8/24/2005 3:00:02 PM H 236 C:\WINDOWS\Tasks\A27CDC1D91875331.job
8/24/2005 3:00:02 PM H 236 C:\WINDOWS\Tasks\A37F42FC9180C0A4.job
8/24/2005 3:00:02 PM H 274 C:\WINDOWS\Tasks\ADB4985191970931.job
8/23/2005 7:46:00 PM HS 192 C:\WINDOWS\Tasks\RUTASK.job
8/24/2005 3:32:14 PM H 6 C:\WINDOWS\Tasks\SA.DAT
8/11/2005 2:35:20 AM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\CXERGLUZ\desktop.ini
8/11/2005 2:35:20 AM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\G1A3O9UN\desktop.ini
8/11/2005 2:35:20 AM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\Q01K34WX\desktop.ini
8/11/2005 2:35:20 AM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\RJ2UV5FP\desktop.ini

Checking for CPL files...
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 9/20/2004 4:20:44 PM 16121856 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 8/4/2004 12:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
5/11/2001 1:00:00 AM 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Logitech Inc. 8/29/2003 3:19:16 PM 151552 C:\WINDOWS\SYSTEM32\CamCpl.cpl
8/17/2005 1:37:14 PM 31232 C:\WINDOWS\SYSTEM32\conres.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 8/20/2004 4:53:06 PM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 2/20/2003 5:42:34 PM 229487 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/29/2002 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/29/2002 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 5/3/2003 1:19:00 AM 143360 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 12/14/2003 10:20:50 AM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/29/2002 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/29/2002 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/29/2002 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/29/2002 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Realtek Semiconductor Corp. 2/17/2004 6:49:14 AM 14193152 C:\WINDOWS\SYSTEM32\DRVSTORE\Alcxwdm_cfb7d3fc0ab7f7a3133a6c25509eaf3479108975\ALSNDMGR.CPL
Intel Corporation 4/7/2003 9:14:30 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0002\DriverFiles\igfxcpl.cpl
Intel Corporation 4/7/2003 9:14:30 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0010\DriverFiles\igfxcpl.cpl
Intel Corporation 4/7/2003 9:14:30 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0011\DriverFiles\igfxcpl.cpl
Realtek Semiconductor Corp. 2/17/2004 6:49:14 AM 14193152 C:\WINDOWS\SYSTEM32\ReinstallBackups\0014\DriverFiles\ALSNDMGR.CPL

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
4/14/2005 8:04:34 AM 1768 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
8/23/2003 7:53:32 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
8/24/2005 9:16:26 AM 91648 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ncnk.exe

Checking files in %ALLUSERSPROFILE%\Application Data folder...
8/23/2003 12:46:38 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
8/23/2003 9:02:04 AM 504 C:\Documents and Settings\All Users\Application Data\hpzinstall.log

Checking files in %USERPROFILE%\Startup folder...
8/23/2003 7:53:32 AM HS 84 C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
8/23/2003 12:46:38 AM HS 62 C:\Documents and Settings\Owner\Application Data\desktop.ini
2/11/2004 6:54:20 AM 12358 C:\Documents and Settings\Owner\Application Data\PFP110JCM.{PB
2/11/2004 6:54:20 AM 61678 C:\Documents and Settings\Owner\Application Data\PFP110JPR.{PB
7/22/2005 8:05:06 AM 56 C:\Documents and Settings\Owner\Application Data\Sskdmns.dll

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{F98CFF88-71DA-400E-A02A-D2E15BD6C681} = C:\WINDOWS\system32\mlsip32.dll
{21FD9863-ABFA-4C86-8CF9-D33540939C90} = C:\WINDOWS\system32\sqrmdll.dll
{4FA15218-A53A-445F-A126-9CEBFEF63404} = C:\WINDOWS\system32\Ibetwh32.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\fkfnqqgn
{13fee2b0-1565-48fa-928f-041fe3ca76df} = C:\WINDOWS\system32\jkjnb.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\QuickFinderMenu
{C0E10002-0028-0004-C0E1-C0E1C0E1C0E1} = c:\Program Files\WordPerfect Office 11\Programs\PFSE110.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{8F4902B6-6C04-4ade-8052-AA58578A21BD}
hp view = C:\WINDOWS\System32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\WINDOWS\System32\msjava.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText = Messenger :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E023F504-0C5A-4750-A1E7-A9046DEA8A21}
ButtonText = MoneySide :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11D0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} = HP View : c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} = HP View : c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} = :
{19006AF6-012E-8EC0-F773-489D1090F7BE} = :
{40D41A8B-D79B-43D7-99A7-9EE0F344C385} = AIM Search : C:\Program Files\AIM Toolbar\AIMBar.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
hpsysdrv c:\windows\system\hpsysdrv.exe
HotKeysCmds C:\WINDOWS\System32\hkcmd.exe
CamMonitor c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
HPHUPD05 c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
HPHmon05 C:\WINDOWS\System32\hphmon05.exe
AutoTKit C:\hp\bin\AUTOTKIT.EXE
Recguard C:\WINDOWS\SMINST\RECGUARD.EXE
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
QuickFinder Scheduler "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
UpdateManager "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
IgfxTray C:\WINDOWS\System32\igfxtray.exe
Microsoft Works Update Detection C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
LogitechVideoRepair C:\Program Files\Logitech\Video\ISStart.exe
LogitechVideoTray C:\Program Files\Logitech\Video\LogiTray.exe
LogitechGalleryRepair C:\Program Files\Logitech\Video\ISStart.exe
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
MessengerPlus2 "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
HP Software Update "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
mmtask C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
AlcxMonitor ALCXMNTR.EXE
ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
HydraVisionDesktopManager C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
Ad-watch "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
Ad-aware "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
MimBoot C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
exp C:\WINDOWS\system32\exp
vs2T3tR rdbund.exe
ccRegVfy "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
UserFaultCheck %systemroot%\system32\dumprep 0 -u
SpySweeper "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
winsync C:\WINDOWS\system32\ldlgdd.exe reg_run

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
ATIPRB C:\Program Files\ATI Technologies\ATI Control Panel\atiprbxx.exe /g
*Restore C:\WINDOWS\system32\restore\rstrui.exe -i
sphjfix C:\DOCUME~1\Owner\Desktop\REMOVA~1\SPSEHJ~1\SPSEHJ~1.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AIM C:\Program Files\AIM\aim.exe -cnetwait.odl
BackupNotify c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
Yahoo! Pager "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
PopUpStopperProfessional C:\PROGRA~1\PANICW~1\POP-UP~2\PopUpStopperProfessional.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
vbapen C:\WINDOWS\system32\vbapen.exe


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
UPnPMonitor {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell =
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Controls Folder
=

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/24/2005 3:57:37 PM

trackqoo log;
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"CamMonitor"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\\\Unload\\hpqcmon.exe"
"HPHUPD05"="c:\\Program Files\\Hewlett-Packard\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe"
"HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
"AutoTKit"="C:\\hp\\bin\\AUTOTKIT.EXE"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"QuickFinder Scheduler"="\"c:\\Program Files\\WordPerfect Office 11\\Programs\\QFSCHD110.EXE\""
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"LogitechGalleryRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"MessengerPlus2"="\"C:\\Program Files\\Messenger Plus! 2\\MsgPlus.exe\""
"HP Software Update"="\"c:\\Program Files\\HP\\HP Software Update\\HPWuSchd.exe\""
"mmtask"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"
"AlcxMonitor"="ALCXMNTR.EXE"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"HydraVisionDesktopManager"="C:\\Program Files\\ATI Technologies\\HydraVision\\HydraDM.exe"
"Ad-watch"="\"C:\\Program Files\\Lavasoft\\Ad-aware 6\\Ad-watch.exe\""
"Ad-aware"="\"C:\\Program Files\\Lavasoft\\Ad-aware 6\\Ad-aware.exe\" +c"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mimboot.exe"
"exp"="C:\\WINDOWS\\system32\\exp"
"vs2T3tR"="rdbund.exe"
"ccRegVfy"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe\" /startintray"
"winsync"="C:\\WINDOWS\\system32\\ldlgdd.exe reg_run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- fkfnqqgn
{13fee2b0-1565-48fa-928f-041fe3ca76df}
C:\WINDOWS\system32\jkjnb.dll

Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll

Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}
C:\Program Files\Norton AntiVirus\NavShExt.dll

Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {F9DB5320-233E-11D1-9F84-707F02C10627}
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Adobe Reader Speed Launch.lnk
desktop.ini
ncnk.exe
==============================
C:\Documents and Settings\Owner\Start Menu\Programs\Startup

Adobe Reader Speed Launch.lnk
desktop.ini
ncnk.exe
desktop.ini
==============================
C:\WINDOWS\system32 cpl files


access.cpl Microsoft Corporation
ALSNDMGR.CPL Realtek Semiconductor Corp.
appwiz.cpl Microsoft Corporation
bdeadmin.cpl Borland Software Corporation
bthprops.cpl Microsoft Corporation
CamCpl.cpl Logitech Inc.
conres.cpl
desk.cpl Microsoft Corporation
firewall.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
igfxcpl.cpl Intel Corporation
inetcpl.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
irprops.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
jpicpl32.cpl Sun Microsystems
main.cpl Microsoft Corporation
mmsys.cpl Microsoft Corporation
ncpa.cpl Microsoft Corporation
netsetup.cpl Microsoft Corporation
nusrmgr.cpl Microsoft Corporation
nvtuicpl.cpl NVIDIA Corporation
odbccp32.cpl Microsoft Corporation
powercfg.cpl Microsoft Corporation
QuickTime.cpl Apple Computer, Inc.
sysdm.cpl Microsoft Corporation
telephon.cpl Microsoft Corporation
timedate.cpl Microsoft Corporation
wscui.cpl Microsoft Corporation
wuaucpl.cpl Microsoft Corporation

Did ya need another hijackThis log?
  • 0


#11
shibby_srd

    Member

  • Topic Starter
  • Member
  • 16 posts
Here's a new hjt log. :tazz:
Logfile of HijackThis v1.99.1
Scan saved at 4:37:28 PM, on 8/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\removal equipment\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
F2 - REG:system.ini: Shell=
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [exp] C:\WINDOWS\system32\exp
O4 - HKLM\..\Run: [vs2T3tR] rdbund.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\ldlgdd.exe reg_run
O4 - HKLM\..\RunOnce: [ATIPRB] C:\Program Files\ATI Technologies\ATI Control Panel\atiprbxx.exe /g
O4 - HKLM\..\RunOnce: [*Restore] C:\WINDOWS\system32\restore\rstrui.exe -i
O4 - HKLM\..\RunOnce: [sphjfix] C:\DOCUME~1\Owner\Desktop\REMOVA~1\SPSEHJ~1\SPSEHJ~1.EXE
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] C:\PROGRA~1\PANICW~1\POP-UP~2\PopUpStopperProfessional.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ncnk.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: cpcScanner - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab34120.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay10...es/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123732435562
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/...ol.cab36107.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab35645.cab
O18 - Protocol: bw+0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

#12
Snickets

    Visiting Staff

  • Member
  • 425 posts
Hello shibby_srd,
Please read this post completely; it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Download: CCleaner
http://www.ccleaner.com/
http://www.filehippo...d_ccleaner.html

Once installed, launch CCleaner:
Do not change any settings, except to make sure on the Options tab>Advanced "Only delete files in Windows Temp folders older than 48 hours" is NOT checked.

Download Pocket KillBox from here. There is a Direct Download and a description of what the Program does inside this link.

Please open Notepad, and copy/paste the code in the box below into a new text file. Save it as KillQoo.reg (set Filetype to "All Files") and save it on your Desktop.

REGEDIT4

[-HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\fkfnqqgn]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"exp"=-
"vs2T3tR"=-
"winsync"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"vbapen"=-

Open Pocket Killbox and Copy & Paste the entries below into the "Full Path of File to Delete"

C:\WINDOWS\jvjok.dll
C:\WINDOWS\proxy_inst.exe
C:\WINDOWS\RMAgentOutput.dll
C:\WINDOWS\SYSTEM32\datadx.dll
C:\WINDOWS\SYSTEM32\rcrpuue.dll
C:\WINDOWS\SYSTEM32\sdsjggd.dll
C:\WINDOWS\SYSTEM32\wbdbase.deu
C:\WINDOWS\system32\mlsip32.dll
C:\WINDOWS\system32\sqrmdll.dll
C:\WINDOWS\system32\Ibetwh32.dll


As you Paste each entry into Killbox, place a tick by any of these Selections available

"Delete on Reboot"
"Unregister .dll before Deleting"


Click the Red Circle with the White X in the Middle to Delete!

Restart in Safe Mode and Run those files through Killbox once more to be sure nothing survived.

This time place a tick by any of these selections available

"Standard File Kill"
"End Explorer Shell while Killing File"
"Unregister .dll before Deleting"


Now Locate and DoubleClick KillQoo.reg-> Allow it to merge into the Registry!

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
C:\WINDOWS\system32\exp
O4 - HKLM\..\Run: [vs2T3tR] rdbund.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\ldlgdd.exe reg_run
O4 - HKLM\..\RunOnce: [*Restore] C:\WINDOWS\system32\restore\rstrui.exe -i
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\

Now close all windows other than HiJackThis, then click Fix Checked.

Go to Start>Search and at the top select Tools>Folder Options
Select the View tab
Display the contents of system folders
Show hidden files and folders
Uncheck: Hide protected operating system files
Click on Apply.
Next go to the side of the Search box and select All files and folders. Go down to More advanced options.
Be sure the first three boxes are selected:
Search System folders
Search Hidden Files and folders
Search SubFolders

Please delete these files and folders using Windows Explorer(if present):
files=blue
folders=red

C:\WINDOWS\system32\exp
C:\WINDOWS\system32\ldlgdd.exe
C:\WINDOWS\system32\restore\rstrui.exe

Please Search for these files below separately and delete if present using the following instructions:
Go to Start>Run>Search for Files and Folders>and type in the following files:
rdbund.exe

Restart back in Normal Mode.

Open up CCleaner at this time.
Click Run Cleaner (bottom right). When finished> Exit (top right) (reboot)

Run a new scan with HijackThis and post the results back in this thread for review. Also let me know how your system is running at this time.

Thank you,

Snickets


#13
shibby_srd

I still have no start bar, system tray or desktop icons. There were a few things you asked me to delete that weren't there. Here is my new HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 10:54:59 PM, on 8/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\removal equipment\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
F2 - REG:system.ini: Shell=
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
O4 - HKLM\..\RunOnce: [ATIPRB] C:\Program Files\ATI Technologies\ATI Control Panel\atiprbxx.exe /g
O4 - HKLM\..\RunOnce: [sphjfix] C:\DOCUME~1\Owner\Desktop\REMOVA~1\SPSEHJ~1\SPSEHJ~1.EXE
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] C:\PROGRA~1\PANICW~1\POP-UP~2\PopUpStopperProfessional.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: cpcScanner - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab34120.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay10...es/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123732435562
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/...ol.cab36107.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab35645.cab
O18 - Protocol: bw+0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#14
Snickets

Hello shibby_srd,

There are still some files that we will need to get rid of on your machine to make sure that nothing is running that does not need to be. I think I know what to do in order to get your startbar back and the icons but let's make sure we get the machine fixed up first. Do you know if you installed the sponsor with MessengerPlus? If so then we will need to uninstall this and do some other fixes.

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Please disable AdWatch, as it may hinder the removal of some entries.
To disable AdWatch:

Open AdAware SE.
Go to AdWatch User Interface.
Go to Tools and Preferences.
At the bottom of the screen you will see 2 options Active and Automatic.
Active: This will turn Ad-Watch On\Off without closing it.
Automatic: Suspicious activity will be blocked automatically.
Uncheck both options. You can enable these after resolving your problem.

Now scan with HJT and place a checkmark next to each of the following items:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
F2 - REG:system.ini: Shell=


I strongly suggest fixing this item below as it can be used to monitor your activity on the computer.

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
(Description: Realtek AC97 Audio - Event Monitor. "Spyware" file used to surreptitiously monitor one's actions. This file is not malicious but can be used to monitor your activities.)


Optional-
Fixing them here will not prevent you from opening them manually as needed. Your choice to fix based on your needs:
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
(Description: HP monitoring tool. Unnecessary. Remove this to free up some system resources.)

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
(Description: Intel hotkey applet. Unnecessary. Removing this will free up a small amount of system resources.)

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
(Description: HP software update checker and wizard launcher.)

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
(Description: Checks for updates to MS Works. Unnecessary. Removing this entry will free up some system resources. )

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
(Description: Logitech Image Studio system tray applet. Not necessary. Removing this entry will free up a small amount of system resources.)

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
(Description: RealPlayer scheduler. Completely unnecessary. Removing this entry will free up a small amount of system resources.)


Close all open windows except for HJT, then click the Fix Checked button. Close HJT.

Please reboot your computer at this time.

After reboot please rescan with HijackThis and post a fresh log for me to review.

Thank you,

Snickets
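
Added example, not part of the thread and not HijackThis's own logic: a small triage script that picks out of a HijackThis log the kinds of entries the helper's posts single out (the empty Shell= and Start Page values, startup commands given as a bare file name, and entries marked "(file missing)"). The flag names and helper functions are assumptions of this example; the sample lines are copied from the logs posted above.

```python
import re
from typing import NamedTuple

# Sample input: entries copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
F2 - REG:system.ini: Shell=
O4 - HKLM\..\Run: [vs2T3tR] rdbund.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
"""


class Finding(NamedTuple):
    code: str    # HijackThis section code, e.g. "O4"
    flag: str    # label chosen for this example (hypothetical names)
    entry: str   # the full log line, kept for the reviewer


# "<code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Registry startup entries carry the value name in brackets before the command.
O4_RE = re.compile(r"^[^\[]*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")


def split_command(cmd):
    """Split a startup command line into (program, remaining arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    # Unquoted: only the first token is needed to tell whether a directory
    # was given (an unquoted "C:\Program Files\..." still starts with one).
    program, _, rest = cmd.partition(" ")
    return program, rest.strip()


def has_directory(path):
    return "\\" in path or "/" in path


def autorun_target(cmd):
    """Return the file a startup command actually loads."""
    program, rest = split_command(cmd)
    base = program.lower().rsplit("\\", 1)[-1]
    if base in ("rundll32", "rundll32.exe") and rest:
        # rundll32 <dll>,<export>: the DLL is the part worth inspecting.
        return rest.split(",", 1)[0].strip('" ')
    return program


def triage(log_text):
    """Return the entries of a HijackThis log that deserve a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, blank line or running-process path
        code, body = match.groups()
        if line.endswith("(file missing)"):
            # Registry still points at a file that is no longer on disk.
            findings.append(Finding(code, "file-missing", line))
        if code == "F2" and re.search(r"\bShell=\s*$", body, re.I):
            # The logon shell setting names no program at all.
            findings.append(Finding(code, "empty-shell", line))
        elif code in ("R0", "R1") and re.search(r"=\s*$", body):
            findings.append(Finding(code, "blank-value", line))
        elif code == "O4":
            o4 = O4_RE.match(body)
            if o4:
                target = autorun_target(o4.group("cmd"))
                if target and not has_directory(target):
                    # No directory given: which file runs depends on the
                    # search path, so confirm the file's real location.
                    findings.append(Finding(code, "bare-autorun", line))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.flag:13} {finding.entry}")
```

A flag here means "review this entry", not "malicious": ALCXMNTR.EXE is reported for the same reason as rdbund.exe, because the log alone does not say which file on disk the bare name resolves to.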


#15
shibby_srd

My desktop, start menu and system tray have miraculously returned. Thank you so much for your help. Here is my new hjt log;
Logfile of HijackThis v1.99.1
Scan saved at 1:24:04 PM, on 8/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PopUpStopperProfessional.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\removal equipment\hijackthis\HijackThis.exe
C:\PROGRA~1\MUSICM~1\Common\COMPON~1\MMCOMP~1.EXE

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [ATIPRB] C:\Program Files\ATI Technologies\ATI Control Panel\atiprbxx.exe /g
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] C:\PROGRA~1\PANICW~1\POP-UP~2\PopUpStopperProfessional.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: cpcScanner - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab34120.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay10...es/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123732435562
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/...ol.cab36107.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab35645.cab
O18 - Protocol: bw+0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {63C91B08-13E0-43AF-B1CC-5267DED6862F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
:tazz: