WinTools [CLOSED]


  • This topic is locked

#1
Salgal

    New Member

  • Member
  • 8 posts
I have run all of the suggested scans, etc., and when I perform a system scan using the Panda Titanium Antivirus 2005 software I am still receiving a system file infection that states: Event: "Adware/WinTools". The program says it has been eliminated; however, every time I conduct the scan it is there again. I have already tried to turn the system restore function off but it doesn't eliminate the infection. I am posting a HijackThis log for your review and help. Thanks

P.S. I cannot get the Windows SP2 to update. I haven't pursued it very heavily, however, because I wanted to get the virus, malware, adware problem cleaned up first.

Thanks again,
Salgal


Logfile of HijackThis v1.99.1
Scan saved at 7:06:28 PM, on 8/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fmtc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\Run: [CTHelper] cthelper.exe
O4 - HKLM\..\Run: [PcSync] PCsync.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe
O4 - HKLM\..\RunServices: [PcSync] PCsync.exe
O4 - HKCU\..\Run: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [PcSync] PCsync.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe
O4 - HKCU\..\RunServices: [PcSync] PCsync.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download using Download &Express - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: DigiChat Applet - http://host2.digicha...s/Client_IE.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - http://www.sde.state...oad/CfxIEAx.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://mirror.worldw...5/pool/pool.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://ww1.ez-tracks...itial/eztdl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://www.msnusers....UC/MsnPUpld.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldw...ared/dephlp.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124517412265
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://mirror.worldw...ed/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...tterInstall.cab
O18 - Protocol: bw+0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe

#2
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :tazz:

I apologize for the delay getting to your log; the helpers here are very busy.
If you still need help, please post a fresh Hijack log, in this thread, so I can help you with your Malware Problems.

If you have resolved this issue please let us know.

#3
Salgal

    New Member

  • Topic Starter
  • Member
  • 8 posts
Hi Sam -

Thanks for following up with me. I have not resolved the problem and am still receiving the same message when I scan with Panda Titanium. The following is a new HijackThis log for your review.

Thanks,

Logfile of HijackThis v1.99.1
Scan saved at 6:05:58 PM, on 8/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fmtc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\Run: [CTHelper] cthelper.exe
O4 - HKLM\..\Run: [PcSync] PCsync.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe
O4 - HKLM\..\RunServices: [PcSync] PCsync.exe
O4 - HKCU\..\Run: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [PcSync] PCsync.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe
O4 - HKCU\..\RunServices: [PcSync] PCsync.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download using Download &Express - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: DigiChat Applet - http://host2.digicha...s/Client_IE.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab30149.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - http://www.sde.state...oad/CfxIEAx.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://mirror.worldw...5/pool/pool.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://ww1.ez-tracks...itial/eztdl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://www.msnusers....UC/MsnPUpld.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldw...ared/dephlp.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124517412265
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://mirror.worldw...ed/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...tterInstall.cab
O18 - Protocol: bw+0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe

#4
Buckeye_Sam

    Malware Expert

Let's clean up your log a bit. :tazz:

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then close all other windows (you should only see HijackThis on your Desktop) and click the Fix Checked button.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\Run: [CTHelper] cthelper.exe
O4 - HKLM\..\Run: [PcSync] PCsync.exe
O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe
O4 - HKLM\..\RunServices: [PcSync] PCsync.exe
O4 - HKCU\..\Run: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [PcSync] PCsync.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe
O4 - HKCU\..\RunServices: [PcSync] PCsync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...tterInstall.cab
O18 - Protocol: bw+0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll



Reboot and post a new HijackThis log.
  • 0
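Whether the checked entries are really gone after the reboot can be confirmed by comparing the fix list with the follow-up log. The script below is an added example, not part of the original post or of HijackThis; the function names are hypothetical, the fix-list lines are excerpted from the post above, and the follow-up log is constructed with one entry deliberately left in place.

```python
import re
from collections import Counter

# HijackThis entry lines start with a section code such as R1, F2, O4 or O18,
# followed by " - " and the entry detail. Header and process lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<detail>.*)$")


def parse_entries(log_text):
    """Return [(code, detail)] for every entry line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("detail").strip()))
    return entries


def _key(entry):
    """Comparison key: same section code, detail compared without regard to
    case or runs of whitespace (Windows paths and registry names are
    case-insensitive)."""
    code, detail = entry
    return (code, re.sub(r"\s+", " ", detail).casefold())


def still_present(fix_text, followup_text):
    """Entries from the fix list that still appear in the follow-up log."""
    remaining = {_key(e) for e in parse_entries(followup_text)}
    return [e for e in parse_entries(fix_text) if _key(e) in remaining]


def summarize(entries):
    """Count entries per section code."""
    return dict(Counter(code for code, _ in entries))


# Excerpt of the fix list from the post above.
FIX_LIST = r"""
R3 - Default URLSearchHook is missing
O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [LDM] \Program\
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...tterInstall.cab
O18 - Protocol: bw+0 - {97AE205A-DDFC-4519-85B3-BE67FB09C082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
"""

# Constructed follow-up log: the LDM Run value survives, with different
# case and spacing, to show the failure case.
FOLLOWUP = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fmtc.com/
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKCU\..\Run: [LDM]  \PROGRAM\
"""

if __name__ == "__main__":
    print("Fix list by section:", summarize(parse_entries(FIX_LIST)))
    leftovers = still_present(FIX_LIST, FOLLOWUP)
    if leftovers:
        print("Still present after fix:")
        for code, detail in leftovers:
            print(f"  {code} - {detail}")
    else:
        print("All fix-list entries are gone.")
```

An entry that reappears after Fix Checked and a reboot usually means something is rewriting it at startup, so it is worth noting before moving on to the next cleaning step.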

#5
Salgal

    New Member

Okay, here is the new log after making the changes you suggested.

Logfile of HijackThis v1.99.1
Scan saved at 8:58:29 PM, on 8/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fmtc.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download using Download &Express - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: DigiChat Applet - http://host2.digicha...s/Client_IE.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab30149.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - http://www.sde.state...oad/CfxIEAx.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://mirror.worldw...5/pool/pool.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://ww1.ez-tracks...itial/eztdl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://www.msnusers....UC/MsnPUpld.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldw...ared/dephlp.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124517412265
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://mirror.worldw...ed/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe

#6
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under "SpySweeper" to download the program.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.


#7
Salgal

    New Member

  • Topic Starter
  • Member
  • 8 posts
The following is the session log from the WebRoot SpySweeper. Thanks, Salgal

********
5:46 PM: |··· Start of Session, Wednesday, August 31, 2005 ···|
5:46 PM: Spy Sweeper started
5:46 PM: Sweep initiated using definitions version 525
5:46 PM: Starting Memory Sweep
5:50 PM: Memory Sweep Complete, Elapsed Time: 00:04:30
5:50 PM: Starting Registry Sweep
5:50 PM: Found Adware: 2020search
5:50 PM: HKU\WRSS_Profile_S-1-5-21-1246628124-677485609-1923152323-1009\software\microsoft\internet explorer\toolbar\webbrowser\ || {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} (ID = 101916)
5:50 PM: HKU\WRSS_Profile_S-1-5-21-1246628124-677485609-1923152323-1010\software\microsoft\internet explorer\toolbar\webbrowser\ || {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} (ID = 101916)
5:51 PM: Found Adware: delfin
5:51 PM: HKU\WRSS_Profile_S-1-5-21-1246628124-677485609-1923152323-1008\software\delfin\ (3 subtraces) (ID = 124848)
5:51 PM: HKLM\software\microsoft\windows\currentversion\app management\arpcache\delfin media viewer\ (2 subtraces) (ID = 124859)
5:51 PM: Found Adware: downloadware
5:51 PM: HKU\WRSS_Profile_S-1-5-21-1246628124-677485609-1923152323-501\software\downloadware\ (11 subtraces) (ID = 125353)
5:51 PM: HKU\WRSS_Profile_S-1-5-21-1246628124-677485609-1923152323-501\software\medialoads\ (2 subtraces) (ID = 125355)
5:51 PM: Found Adware: ebates money maker
5:51 PM: HKU\S-1-5-21-1246628124-677485609-1923152323-1006\software\microsoft\internet explorer\extensions\cmdmapping\ || {6685509e-b47b-4f47-8e16-9a5f3a62f683} (ID = 125587)
5:51 PM: HKU\WRSS_Profile_S-1-5-21-1246628124-677485609-1923152323-1008\software\microsoft\internet explorer\extensions\cmdmapping\ || {6685509e-b47b-4f47-8e16-9a5f3a62f683} (ID = 125587)
5:51 PM: HKU\WRSS_Profile_S-1-5-21-1246628124-677485609-1923152323-1009\software\microsoft\internet explorer\extensions\cmdmapping\ || {6685509e-b47b-4f47-8e16-9a5f3a62f683} (ID = 125587)
5:51 PM: Found Adware: webrebates
5:51 PM: HKU\WRSS_Profile_S-1-5-21-1246628124-677485609-1923152323-1008\software\microsoft\internet explorer\extensions\{6685509e-b47b-4f47-8e16-9a5f3a62f683}\ (6 subtraces) (ID = 125589)
5:51 PM: HKU\WRSS_Profile_S-1-5-21-1246628124-677485609-1923152323-1009\software\microsoft\internet explorer\extensions\{6685509e-b47b-4f47-8e16-9a5f3a62f683}\ (6 subtraces) (ID = 125589)
5:51 PM: HKU\WRSS_Profile_S-1-5-21-1246628124-677485609-1923152323-1008\software\microsoft\internet explorer\extensions\{6685509e-b47b-4f47-8e16-9a5f3a62f683}\ (6 subtraces) (ID = 125589)
5:51 PM: HKU\WRSS_Profile_S-1-5-21-1246628124-677485609-1923152323-1009\software\microsoft\internet explorer\extensions\{6685509e-b47b-4f47-8e16-9a5f3a62f683}\ (6 subtraces) (ID = 125589)
5:51 PM: HKU\WRSS_Profile_S-1-5-21-1246628124-677485609-1923152323-1009\software\microsoft\internet explorer\menuext\ebates\ (2 subtraces) (ID = 125590)
5:51 PM: HKU\WRSS_Profile_S-1-5-21-1246628124-677485609-1923152323-1009\software\microsoft\internet explorer\menuext\ebates\ (2 subtraces) (ID = 125590)
5:51 PM: Found Adware: effective-i toolbar
5:51 PM: HKU\WRSS_Profile_S-1-5-21-1246628124-677485609-1923152323-1008\software\effective-i\ (ID = 125657)
5:51 PM: HKU\WRSS_Profile_S-1-5-21-1246628124-677485609-1923152323-1008\software\maxthon\plugin\toolbar\{44be0690-5429-47f0-85bb-3ffd8020233e}\ (1 subtraces) (ID = 125661)
5:51 PM: Found Adware: golden palace casino
5:51 PM: HKU\WRSS_Profile_S-1-5-21-1246628124-677485609-1923152323-1008\software\golden palace casino pt\ (20 subtraces) (ID = 126939)
5:51 PM: Found Adware: ieplugin
5:51 PM: HKLM\software\classes\typelib\{074a9743-0517-454c-b2f4-ff964de43e4c}\ (9 subtraces) (ID = 128168)
5:51 PM: HKU\S-1-5-21-1246628124-677485609-1923152323-1006\software\enhsrch\ (11 subtraces) (ID = 128172)
5:51 PM: HKU\WRSS_Profile_S-1-5-21-1246628124-677485609-1923152323-1008\software\enhsrch\ (26 subtraces) (ID = 128172)
5:51 PM: HKU\WRSS_Profile_S-1-5-21-1246628124-677485609-1923152323-1009\software\enhsrch\ (11 subtraces) (ID = 128172)
5:51 PM: HKCR\typelib\{074a9743-0517-454c-b2f4-ff964de43e4c}\ (9 subtraces) (ID = 128200)
5:51 PM: Found Adware: drsnsrch.com hijack
5:51 PM: HKU\WRSS_Profile_S-1-5-21-1246628124-677485609-1923152323-1008\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
5:51 PM: HKU\WRSS_Profile_S-1-5-21-1246628124-677485609-1923152323-1009\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
5:51 PM: HKU\WRSS_Profile_S-1-5-21-1246628124-677485609-1923152323-1008\software\microsoft\internet explorer\searchurl\ (2 subtraces) (ID = 128212)
5:51 PM: HKU\WRSS_Profile_S-1-5-21-1246628124-677485609-1923152323-1009\software\microsoft\internet explorer\searchurl\ (2 subtraces) (ID = 128212)
5:51 PM: Found Adware: ist software
5:51 PM: HKCR\istx.installer\ (5 subtraces) (ID = 129073)
5:51 PM: Found Adware: ist istbar
5:51 PM: HKLM\software\classes\istx.installer.2\ (3 subtraces) (ID = 129095)
5:51 PM: HKLM\software\classes\istx.installer\ (5 subtraces) (ID = 129096)
5:51 PM: HKLM\software\classes\istx.installer\clsid\ (1 subtraces) (ID = 129097)
5:51 PM: HKLM\software\classes\istx.installer\curver\ (1 subtraces) (ID = 129098)
5:51 PM: Found Adware: 180search assistant/zango
5:51 PM: HKU\WRSS_Profile_S-1-5-21-1246628124-677485609-1923152323-501\software\180solutions\ (15 subtraces) (ID = 135617)
5:51 PM: Found System Monitor: networkessentials
5:51 PM: HKU\WRSS_Profile_S-1-5-21-1246628124-677485609-1923152323-501\software\hopper\ (10 subtraces) (ID = 136157)
5:51 PM: HKU\WRSS_Profile_S-1-5-21-1246628124-677485609-1923152323-501\software\updater\ (2 subtraces) (ID = 136178)
5:51 PM: Found Adware: tibs dialer
5:51 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\tl4000.dll (ID = 143747)
5:51 PM: Found Adware: websearch toolbar
5:51 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\qdow.dll (ID = 146496)
5:51 PM: HKU\WRSS_Profile_S-1-5-21-1246628124-677485609-1923152323-501\software\wintools\ (10 subtraces) (ID = 146514)
5:51 PM: Found Adware: websearch.com hijacker
5:51 PM: HKU\WRSS_Profile_S-1-5-21-1246628124-677485609-1923152323-501\software\microsoft\internet explorer\main\ || search bar (ID = 146561)
5:51 PM: Found Adware: sidesearch
5:51 PM: HKU\S-1-5-21-1246628124-677485609-1923152323-1006\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
5:51 PM: HKU\WRSS_Profile_S-1-5-21-1246628124-677485609-1923152323-1008\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
5:51 PM: HKU\WRSS_Profile_S-1-5-21-1246628124-677485609-1923152323-1009\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
5:51 PM: HKU\WRSS_Profile_S-1-5-21-1246628124-677485609-1923152323-1010\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
5:51 PM: Found Adware: cydoor
5:51 PM: HKU\WRSS_Profile_S-1-5-21-1246628124-677485609-1923152323-501\software\cydoor\ (120 subtraces) (ID = 639126)
5:51 PM: HKU\WRSS_Profile_S-1-5-21-1246628124-677485609-1923152323-501\software\cydoor services\ (12 subtraces) (ID = 639128)
5:51 PM: HKU\WRSS_Profile_S-1-5-21-1246628124-677485609-1923152323-501\software\wintools\ (10 subtraces) (ID = 646241)
5:51 PM: Registry Sweep Complete, Elapsed Time:00:01:04
5:52 PM: Starting Cookie Sweep
5:52 PM: Found Spy Cookie: 2o7.net cookie
5:52 PM: michael@2o7[2].txt (ID = 1957)
5:52 PM: Found Spy Cookie: advertising cookie
5:52 PM: michael@advertising[1].txt (ID = 2175)
5:52 PM: Found Spy Cookie: atwola cookie
5:52 PM: michael@ar.atwola[2].txt (ID = 2256)
5:52 PM: Found Spy Cookie: atlas dmt cookie
5:52 PM: michael@atdmt[2].txt (ID = 2253)
5:52 PM: michael@atwola[1].txt (ID = 2255)
5:52 PM: Found Spy Cookie: servedby advertising cookie
5:52 PM: michael@servedby.advertising[1].txt (ID = 3335)
5:52 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
5:52 PM: Starting File Sweep
5:52 PM: Found Adware: eztracks toolbar
5:52 PM: c:\program files\eztracks (4 subtraces) (ID = -2147481005)
5:52 PM: c:\program files\ez-tracks (1 subtraces) (ID = -2147481006)
5:52 PM: Found Adware: ie access
5:52 PM: c:\windows\htmlaccess (7 subtraces) (ID = -2147481468)
5:52 PM: Warning: Failed to open file "c:\recycler\\dc14875.log". The system cannot find the file specified
5:52 PM: Warning: Failed to open file "c:\recycler\\dc240.dmp". The system cannot find the file specified
5:52 PM: Warning: Failed to open file "c:\recycler\\dc9126.hpi". The system cannot find the file specified
5:52 PM: Warning: Failed to open file "c:\recycler\\dc12985\500mbbluebg[1].gif". The system cannot find the path specified
5:52 PM: Warning: Failed to open file "c:\recycler\\dc14480.dll". The system cannot find the file specified
5:52 PM: Warning: Failed to read file "c:\recycler\\dc3985.tmp". System Error. Code: 2.
The system cannot find the file specified
5:52 PM: Warning: Failed to read file "c:\recycler\\dc12887\thumbs.db". System Error. Code: 3.
The system cannot find the path specified
5:52 PM: Warning: Failed to read file "c:\recycler\\dc12927\thumbs.db". System Error. Code: 3.
The system cannot find the path specified
5:52 PM: Warning: Failed to read file "c:\recycler\\dc12929.db". System Error. Code: 2.
The system cannot find the file specified
5:52 PM: Warning: Failed to read file "c:\recycler\\dc12932.db". System Error. Code: 2.
The system cannot find the file specified
5:52 PM: Warning: Failed to read file "c:\recycler\\dc12935\thumbs.db". System Error. Code: 3.
The system cannot find the path specified
5:52 PM: Warning: Failed to read file "c:\recycler\\dc12937\thumbs.db". System Error. Code: 3.
The system cannot find the path specified
5:52 PM: Warning: Failed to read file "c:\recycler\\dc12939\thumbs.db". System Error. Code: 3.
The system cannot find the path specified
5:52 PM: Warning: Failed to read file "c:\recycler\\dc12941\thumbs.db". System Error. Code: 3.
The system cannot find the path specified
5:52 PM: Warning: Failed to read file "c:\recycler\\dc12943\thumbs.db". System Error. Code: 3.
The system cannot find the path specified
5:52 PM: Warning: Failed to read file "c:\recycler\\dc12945\thumbs.db". System Error. Code: 3.
The system cannot find the path specified
5:52 PM: Warning: Failed to read file "c:\recycler\\dc12947\thumbs.db". System Error. Code: 3.
The system cannot find the path specified
5:52 PM: Warning: Failed to read file "c:\recycler\\dc12949\thumbs.db". System Error. Code: 3.
The system cannot find the path specified
5:52 PM: Warning: Failed to read file "c:\recycler\\dc12951\thumbs.db". System Error. Code: 3.
The system cannot find the path specified
5:52 PM: Warning: Failed to read file "c:\recycler\\dc12953\thumbs.db". System Error. Code: 3.
The system cannot find the path specified
5:52 PM: Warning: Failed to read file "c:\recycler\\dc12955\thumbs.db". System Error. Code: 3.
The system cannot find the path specified
5:52 PM: Warning: Failed to read file "c:\recycler\\dc12957\thumbs.db". System Error. Code: 3.
The system cannot find the path specified
5:52 PM: Warning: Failed to read file "c:\recycler\\dc12959\thumbs.db". System Error. Code: 3.
The system cannot find the path specified
5:52 PM: Warning: Failed to read file "c:\recycler\\dc12961\thumbs.db". System Error. Code: 3.
The system cannot find the path specified
5:52 PM: Warning: Failed to open file "c:\recycler\\dc14201.log". The system cannot find the file specified
5:52 PM: Warning: Failed to open file "c:\recycler\\dc3624.html". The system cannot find the file specified
5:52 PM: Warning: Failed to open file "c:\recycler\\dc12888\index.html". The system cannot find the path specified
5:52 PM: Warning: Failed to open file "c:\recycler\\dc3438.dir00\appcompat.txt". The system cannot find the path specified
5:52 PM: Warning: Failed to open file "c:\recycler\\dc195.tmp". The system cannot find the file specified
5:52 PM: Warning: Failed to open file "c:\recycler\\dc3537.html". The system cannot find the file specified
5:52 PM: Warning: Failed to open file "c:\recycler\\dc9192.tmp". The system cannot find the file specified
5:52 PM: Warning: Failed to open file "c:\recycler\\dc3471.htm". The system cannot find the file specified
5:52 PM: Warning: Failed to open file "c:\recycler\\dc14859.tmp". The system cannot find the file specified
5:52 PM: Warning: Failed to open file "c:\recycler\\dc13276.mst". The system cannot find the file specified
5:52 PM: Warning: Failed to open file "c:\recycler\\dc191.tmp". The system cannot find the file specified
5:52 PM: Warning: Failed to open file "c:\recycler\\dc13925.tmp". The system cannot find the file specified
5:52 PM: Warning: Failed to open file "c:\recycler\\dc12922\ferretcookiecache". The system cannot find the path specified
5:52 PM: Warning: Failed to open file "c:\recycler\\dc9111.exe". The system cannot find the file specified
5:52 PM: Warning: Failed to read file "c:\recycler\\dc12963\thumbs.db". System Error. Code: 3.
The system cannot find the path specified
5:52 PM: Warning: Failed to read file "c:\recycler\\dc12965\thumbs.db". System Error. Code: 3.
The system cannot find the path specified
5:52 PM: Warning: Failed to read file "c:\recycler\\dc7523.tmp". System Error. Code: 2.
The system cannot find the file specified
5:52 PM: Warning: Failed to read file "c:\recycler\\dc13095.tmp". System Error. Code: 2.
The system cannot find the file specified
5:52 PM: kwv2.dat (ID = 63356)
5:52 PM: Warning: Failed to open file "c:\recycler\\dc7727.tmp". The system cannot find the file specified
5:52 PM: Warning: Failed to open file "c:\recycler\\dc14864.tmp". The system cannot find the file specified
5:52 PM: Warning: Failed to open file "c:\recycler\\dc12982\b_755700[1].htm". The system cannot find the path specified
5:52 PM: Warning: Failed to open file "c:\recycler\\dc9269.htm". The system cannot find the file specified
5:52 PM: Warning: Failed to open file "c:\recycler\\dc14855.tmp". The system cannot find the file specified
5:52 PM: Warning: Failed to open file "c:\recycler\\dc3496.htm". The system cannot find the file specified
5:52 PM: Warning: Failed to open file "c:\recycler\\dc13192.htm". The system cannot find the file specified
5:52 PM: Warning: Failed to open file "c:\recycler\\dc9194.tmp". The system cannot find the file specified
5:52 PM: Warning: Failed to open file "c:\recycler\\dc12922\ferretadvertcacheindex". The system cannot find the path specified
5:53 PM: Warning: Failed to open file "c:\recycler\\dc3554.dat". The system cannot find the file specified
5:53 PM: Warning: Failed to read file "c:\recycler\\dc9266.dll". System Error. Code: 2.
The system cannot find the file specified
5:53 PM: Warning: Failed to read file "c:\recycler\\dc7673.tmp". System Error. Code: 2.
The system cannot find the file specified
5:53 PM: Warning: Failed to read file "c:\recycler\\dc4047.tmp". System Error. Code: 2.
The system cannot find the file specified
5:53 PM: Warning: Failed to read file "c:\recycler\\dc7570.tmp". System Error. Code: 2.
The system cannot find the file specified
5:53 PM: Warning: Failed to read file "c:\recycler\\dc3933.tmp". System Error. Code: 2.
The system cannot find the file specified
5:53 PM: Warning: Failed to open file "c:\recycler\\dc387.tmp". The system cannot find the file specified
5:53 PM: Found Adware: shopathomeselect
5:53 PM: gah95on6.ini (ID = 75741)
5:53 PM: Warning: Failed to open file "c:\recycler\\dc13195.htm". The system cannot find the file specified
5:53 PM: Warning: Failed to open file "c:\recycler\\dc9190.tmp". The system cannot find the file specified
5:53 PM: Warning: Failed to open file "c:\recycler\\dc7728.tmp". The system cannot find the file specified
5:53 PM: Warning: Failed to open file "c:\recycler\\dc13186.htm". The system cannot find the file specified
5:53 PM: Warning: Failed to open file "c:\recycler\\dc47\revnampa1.pb2". The system cannot find the path specified
5:53 PM: Warning: Failed to open file "c:\recycler\\dc12984\b_720900[1].gif". The system cannot find the path specified
5:53 PM: Warning: Failed to open file "c:\recycler\\dc9310.tmp". The system cannot find the file specified
5:53 PM: Warning: Failed to open file "c:\recycler\\dc13959.log". The system cannot find the file specified
5:53 PM: Warning: Failed to open file "c:\recycler\\dc3529.dir00\appcompat.txt". The system cannot find the path specified
5:53 PM: Warning: Failed to open file "c:\recycler\\dc13051.htm". The system cannot find the file specified
5:53 PM: Warning: Failed to open file "c:\recycler\\dc14476.htm". The system cannot find the file specified
5:53 PM: Warning: Failed to read file "c:\recycler\\dc13163.tmp". System Error. Code: 2.
The system cannot find the file specified
5:53 PM: Warning: Failed to read file "c:\recycler\\dc3644\kdx\thumbnails\thumbs.db". System Error. Code: 3.
The system cannot find the path specified
5:53 PM: Warning: Failed to read file "c:\recycler\\dc3995.tmp". System Error. Code: 2.
The system cannot find the file specified
5:53 PM: Warning: Failed to read file "c:\recycler\\dc3914.tmp". System Error. Code: 2.
The system cannot find the file specified
5:53 PM: Warning: Failed to read file "c:\recycler\\dc13132.tmp". System Error. Code: 2.
The system cannot find the file specified
5:53 PM: Warning: Failed to read file "c:\recycler\\dc13121.tmp". System Error. Code: 2.
The system cannot find the file specified
5:53 PM: Warning: Failed to open file "c:\recycler\\dc14771.htm". The system cannot find the file specified
5:53 PM: Warning: Failed to open file "c:\recycler\\dc14074.htm". The system cannot find the file specified
5:53 PM: Warning: Failed to open file "c:\recycler\\dc13958.log". The system cannot find the file specified
5:53 PM: Warning: Failed to open file "c:\recycler\\dc14002.log". The system cannot find the file specified
5:53 PM: Warning: Failed to open file "c:\recycler\\dc14479.dll". The system cannot find the file specified
5:53 PM: Warning: Failed to open file "c:\recycler\\dc13216.mst". The system cannot find the file specified
5:53 PM: Warning: Failed to open file "c:\recycler\\dc14005.log". The system cannot find the file specified
5:53 PM: Warning: Failed to open file "c:\recycler\\dc3539.log". The system cannot find the file specified
5:53 PM: Warning: Failed to open file "c:\recycler\\dc13899.log". The system cannot find the file specified
5:53 PM: Warning: Failed to open file "c:\recycler\\dc9191.tmp". The system cannot find the file specified
5:53 PM: Warning: Failed to open file "c:\recycler\\dc13180.htm". The system cannot find the file specified
5:53 PM: Warning: Failed to open file "c:\recycler\\dc9304.rtf". The system cannot find the file specified
5:53 PM: Warning: Failed to open file "c:\recycler\\dc12646\external\norton\app\navstub.exe". The system cannot find the path specified
5:53 PM: Warning: Failed to open file "c:\recycler\\dc14472.tmp". The system cannot find the file specified
5:53 PM: Warning: Failed to open file "c:\recycler\\dc12646\external\norton\app\undoboot.exe". The system cannot find the path specified
5:53 PM: Warning: Failed to open file "c:\recycler\\dc9274.exe". The system cannot find the file specified
5:53 PM: Warning: Failed to open file "c:\recycler\\dc9115.tmp". The system cannot find the file specified
5:53 PM: Warning: Failed to open file "c:\recycler\\dc7413\kdx\cache\progressbluefill.gif". The system cannot find the path specified
5:53 PM: Warning: Failed to open file "c:\recycler\\dc22215\aces high\terrains\dueling.res". The system cannot find the path specified
5:53 PM: Warning: Failed to open file "c:\recycler\\dc13183.dmp". The system cannot find the file specified
5:53 PM: Warning: Failed to open file "c:\recycler\\dc7413\kdx\cache\refauth.html". The system cannot find the path specified
5:53 PM: Warning: Failed to open file "c:\recycler\\dc7413\kdx\cache\refcomplete.html". The system cannot find the path specified
5:53 PM: Warning: Failed to open file "c:\recycler\\dc14225.htm". The system cannot find the file specified
5:54 PM: Warning: Failed to open file "c:\recycler\\dc13122.tmp". The system cannot find the file specified
5:54 PM: Warning: Failed to open file "c:\recycler\\dc12985\americansingles[1].gif". The system cannot find the path specified
5:55 PM: ncase.ini (ID = 70576)

#8
Buckeye_Sam

    Malware Expert

Please post a new HijackThis log. Are you still seeing WinTools from Panda?

#9
Salgal

    New Member

  • Topic Starter
Yes, I am still receiving the WinTools in Panda. Here is the latest HijackThis log for your review. My internet provider has been down, therefore the delay in my responding to you. Thanks for any assistance you can offer.

Salgal

Logfile of HijackThis v1.99.1
Scan saved at 6:45:42 AM, on 9/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fmtc.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download using Download &Express - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: DigiChat Applet - http://host2.digicha...s/Client_IE.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab30149.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - http://www.sde.state...oad/CfxIEAx.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://mirror.worldw...5/pool/pool.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://ww1.ez-tracks...itial/eztdl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://www.msnusers....UC/MsnPUpld.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldw...ared/dephlp.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124517412265
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://mirror.worldw...ed/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
  • 0

#10
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Flush your System Restore. This will delete any restore points that you have, but it will also make sure that any malware hiding in System Restore will be booted off.

Turn off System Restore:
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.


Run a scan with Panda to see if you still find WinTools. If you do, please post the log from Panda so I can see exactly what it is finding.
  • 0



#11
Salgal

    New Member

  • Topic Starter
  • Member
  • 8 posts
I turned off the System Restore and ran the Panda Scan. The WinTools is still there. It always says it has been eliminated; however, every time I run the scan it is there. The following is the summary report from the scan.
Panda Titanium Antivirus 2005 incident report


EVENT                             DATE               RESULTS     ADDITIONAL INFORMATION
--------------------------------  -----------------  ----------  --------------------------
Scan completed                    09/06/05 20:59:30              Scan: System
Adware detected: Adware/WinTools  09/06/05 20:57:54  Eliminated  Location: Windows Registry
Scan started                      09/06/05 20:56:32              Scan: System
  • 0

#12
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Let's clean your registry out a bit:
  • Please download: RegSeeker.
  • Click on "Clean The Registry" in the left panel.
  • Check all boxes (make sure the backup box in the lower left corner is selected!).
  • After it runs, click "Select All" on the bottom, then right-click on any selected item in the window and select "Delete Selected Items".
  • Click "Quit RegSeeker".
Now, open any of your installed programs, and make sure that everything opens OK. If so, reboot, then go back and run the RegSeeker again, and do the same thing again if anything is found. When RegSeeker finds nothing else, then it's clean!


Does Panda offer you any more specific information?
  • 0

#13
Salgal

    New Member

  • Topic Starter
  • Member
  • 8 posts
I downloaded the RegSeeker and have run it several times; however, it will not delete a total of 30 files. They are as follows:

HKEY_CLASSES_ROOT:
12 - extension not used files
7 - Invalid Active X/Com Entry (CLSID) files
3 - file or path does not exist files

HKEY_CURRENT_USER:
4 - extension not used files

HKEY_LOCAL_MACHINE:
1 - file type not used files
1 - obsolete entry file
2 - file or path does not exist files

Panda does not give any more details regarding the adware\WinTools. The information I sent is all the information it provides.

Salgal
  • 0

#14
Salgal

    New Member

  • Topic Starter
  • Member
  • 8 posts
Oh yeah - I also meant to let you know that while I was in RegSeeker I used the find file search and searched WinTools and it found the following three files. Not sure if this is helpful and/or if it means anything but I thought I would share it.

HKEY_LOCAL_MACHINE
SYSTEM\ControlSet002\Enum\Root\LEGACY_WINTOOLSSVC

HKEY_LOCAL_MACHINE
SYSTEM\ControlSet002\Enum\Root\LEGACY_WINTOOLSSVC\0000
Service WinToolsSvc

HKEY_LOCAL_MACHINE
SYSTEM\ControlSet002\Enum\Root\LEGACY_WINTOOLSSVC\0000
DeviceDesc WinTools for IE service

Salgal
  • 0

#15
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
That's your culprit! Can you delete those registry entries?
  • 0
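
As an added illustration of the search described in post #14 (not code from the thread or from RegSeeker): a small Python scan of a regedit text export for leftover references to a service name, grouped by control set. The sample export is constructed around the three entries quoted above, the function names are hypothetical, and the export is assumed to be already decoded to text.

```python
import re

# Constructed sample in regedit export (.reg) form. The LEGACY_WINTOOLSSVC
# lines mirror the three entries quoted in the thread; the rest is filler.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINTOOLSSVC]
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINTOOLSSVC\0000]
"Service"="WinToolsSvc"
"DeviceDesc"="WinTools for IE service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NVSvc]
"ImagePath"="C:\\WINDOWS\\System32\\nvsvc32.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
CONTROLSET_RE = re.compile(r'\\SYSTEM\\(ControlSet\d+|CurrentControlSet)\\', re.I)

def find_remnants(reg_text, needle):
    """List keys and values whose path, name or data contains needle (case-insensitive)."""
    needle, hits, key = needle.lower(), [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:  # section header: remember it, report it if the path itself matches
            key = m.group(1)
            if needle in key.lower():
                hits.append({"key": key, "value": None, "data": None})
            continue
        m = VALUE_RE.match(line)
        if m and key and needle in line.lower():
            hits.append({"key": key, "value": m.group(1).strip('"'),
                         "data": m.group(2).strip('"')})
    return hits

def by_control_set(hits):
    """Group matching key paths by control set so stale copies stand out."""
    groups = {}
    for h in hits:
        m = CONTROLSET_RE.search(h["key"])
        groups.setdefault(m.group(1) if m else "(other)", set()).add(h["key"])
    return {name: sorted(keys) for name, keys in groups.items()}

if __name__ == "__main__":
    for name, keys in by_control_set(find_remnants(SAMPLE_REG, "wintools")).items():
        print(name, *keys, sep="\n  ")
```

On the constructed sample this reports both LEGACY_WINTOOLSSVC keys under ControlSet002 plus the Service and DeviceDesc values, and nothing under any other control set.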





