Malware Problem [RESOLVED]



#1
JIMMYC

Hello,

Could someone please help?

I am having a problem trying to get rid of the malware on my computer. It all started when I noticed wallpaper that said "Spyware Infection" that locked on my desktop. So I began to use Norton's Corporate Edition. I also ran Ad-Aware, Spybot Search and MS AntiSpyware. I went through each and every step that was given in the Malware Removal forum. I slowed down the speed of the pop-ups and got rid of the viruses that I know of. But I still come up with spyware (Spybot brings up: Avenue A, Inc and MediaPlex) when I run each of the spyware programs. So, as the Malware Removal forum said, I moved on to the next step, which is installing a program called HijackThis. I am not familiar with this program. Here is the log; please, if you could, tell me what I should remove. Please, any help I would really appreciate. I am really in need.

Logfile of HijackThis v1.99.1
Scan saved at 4:31:46 PM, on 10/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Linksys\WUSB11 v25 Config Utility\WUSB11Cfg.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Instant Wireless Configuration Utility.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O18 - Protocol: bw+0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: style32 - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Smlt\command.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

#2
Linkmaster

    Visiting Staff

Hi JIMMYC, Welcome to GTG !! :tazz:

Sorry for the delay in reviewing your post

Since it has been so long, let's begin by downloading and running a few programs to help clean things up:

Download and Install Ewido Security Suite© by Ewido Networks
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido; there should be an icon on your desktop, double-click it.
The program will now go to the main screen
You will need to update ewido to the latest definition files.
On the left hand side of the main screen click update
Then click on Start Update
The update will start and a progress bar will show the updates being installed.
Close Ewido when updates finish

Download and Install CCleaner© by CCleaner.com

Run Ewido Security Suite
Click on scanner
Click on Complete System Scan and the scan will begin.
NOTE: During some scans with ewido it is finding cases of false positives. **See Below**

**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")

You will need to step through the process of cleaning files one-by-one.
If ewido detects a file you KNOW to be legitimate, select none as the action.
DO NOT select "Perform action on all infections"
If you are unsure of any entry found select none for now.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report.txt file to your desktop.
Now close Ewido Security Suite.

Run CCleaner
SETUP
DO NOT USE THE ISSUES TAB!!!!
Open CCleaner
Options, Advanced: Uncheck "Only delete files in Windows Temp folders older than 48 hours" (for cleaning malware files!)

Options, Settings: Check "Run CCleaner when system starts" (optional)
Options, Settings: Check "Add 'Run Cleaner' option to Recycle Bin context menu" (optional)

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Options>CustomFolders>Add Folder>Navigate to these folders (click on bold file once and hit OK) :
* C:\Windows\Temp\
* C:\Windows\Prefetch
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ (This will delete all your cached internet content including cookies.)
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
Hit OK
In left pane, scroll down to "Advanced, Custom Folders", put a check in Custom Folders
Then click on Run Cleaner.
Put check in box to not show message again.
It will automatically clean.

Close out CCleaner.

Please run one of these Online Virus Scans :

TrendMicro Housecall
Note: you must use Internet Explorer, other browsers will not work.
Under "Scan your PC", please click Scan now. It's free!
Select your location and click the Go button.
Click the red magnifying glass button.
Select Complete Scan.
Please be patient while Housecall downloads.
Please allow the ActiveX Control and when prompted click install
Put a check next to My Computer
Leave the following checked:
Scan for Spyware
Check security vulnerabilities

Click the Next button.
It will download the latest scan engine and pattern files.
When the definitions have been downloaded, the scan will start.
After it's done scanning it will take you to the summary page.
Click the Next button.
Click the drop-down to choose delete or remove on each bad guy found, if you receive a prompt click OK.
Click the Next button to move onto the recovery (final) portion of the scan.
After everything has been removed, please click the show button on everything.
Highlight all of the text and press CTRL + C to copy the text.

OR

Kaspersky WebScanner
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)

Scan Options:
Scan Archives
Scan Mail Bases

Click OK

Now under select a target to scan:
Select My Computer

Then the program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.

Now please run HijackThis again

Reboot and post the new HijackThis Log, Ewido Log, and the Virus Scan Log here.

Edited by Linkmaster, 31 October 2005 - 05:56 PM.


#3
JIMMYC

Hey Linkmaster,

I am very grateful for your reply. I did everything you asked me to do. Here are the results.
Again thank you so much.

--------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:57:04 PM, 10/31/2005
+ Report-Checksum: F844835B

+ Scan result:

HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Ignored
:mozilla.23:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Ignored
:mozilla.24:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Ignored
:mozilla.25:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.247realmedia : Ignored
:mozilla.26:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.247realmedia : Ignored
:mozilla.27:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.247realmedia : Ignored
:mozilla.28:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.29:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.30:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.31:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.32:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.33:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.34:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.35:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.36:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.37:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.38:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.39:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.40:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.41:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.42:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.43:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
C:\Documents and Settings\Jim\Local Settings\Temp\Rar$EX00.250\crackmasters.exe/loadadv458.exe -> TrojanDownloader.Small.brk : Ignored
C:\Documents and Settings\Jim\Local Settings\Temp\Rar$EX00.250\crackmasters.exe/loadadv458.exe -> TrojanDownloader.Small.brk : Ignored
C:\Documents and Settings\Jim\Local Settings\Temp\Temporary Internet Files\Content.IE5\NXL3LZEZ\drsmartload_js[1].htm -> TrojanDownloader.IstBar.j : Ignored
C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\WXE3SHM3\AppWrap[1].exe -> TrojanDropper.Agent.pb : Ignored
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll -> TrojanSpy.Agent.bu : Ignored
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll -> TrojanSpy.Agent.bu : Ignored
C:\WINDOWS\Smlt\asappsrv.dll -> Spyware.CommAd : Ignored
C:\WINDOWS\system32\dn8601lse.dll -> Spyware.Look2Me : Ignored
C:\WINDOWS\system32\mjg6huph.dll -> Adware.Saha : Ignored
C:\WINDOWS\system32\mocorier.dll -> Spyware.Look2Me : Ignored
C:\WINDOWS\tool3.exe -> TrojanDownloader.VB.qr : Ignored
HKLM\SOFTWARE\GIANTCompany\AntiSpyware\CleanerExe\DelRegValues\\1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar -> Spyware.UCmore : Cleaned with backup
HKLM\SOFTWARE\GIANTCompany\AntiSpyware\CleanerExe\DelRegValues\\2 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar -> Spyware.UCmore : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup


::Report End



-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, October 31, 2005 22:46:27
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 1/11/2005
Kaspersky Anti-Virus database records: 157551
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 63223
Number of viruses found: 11
Number of infected objects: 18
Number of suspicious objects: 3
Duration of the scan process: 6266 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Jim\Desktop\AutoCAD 2006\Keygen.exe Suspicious: Type_Win32
C:\Documents and Settings\Jim\My Documents\My Music\Autocad 2006 Full Version English Keygen 100% w0Rking.rar/AutoCAD 2006/Keygen.exe Suspicious: Type_Win32
C:\Documents and Settings\Jim\My Documents\My Music\Autocad 2006 Full Version English Keygen 100% w0Rking.rar Suspicious: Type_Win32
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll Infected: Trojan-PSW.Win32.Agent.bu
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe Infected: Trojan-Spy.Win32.Small.dg
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll Infected: Trojan-PSW.Win32.Agent.bu
C:\Program Files\Common Files\Wise Installation Wizard\WISCDEBF9E7BCEB43A7986CE66377C28ABC_1_0_0.MSI/Cabs.w1.cab/loadadv458.exe Infected: Trojan-Downloader.Win32.Agent.xq
C:\Program Files\Common Files\Wise Installation Wizard\WISCDEBF9E7BCEB43A7986CE66377C28ABC_1_0_0.MSI/Cabs.w1.cab Infected: Trojan-Downloader.Win32.Agent.xq
C:\Program Files\Common Files\Wise Installation Wizard\WISCDEBF9E7BCEB43A7986CE66377C28ABC_1_0_0.MSI Infected: Trojan-Downloader.Win32.Agent.xq
C:\Program Files\Microsoft AntiSpyware\Quarantine\2EFB5339-37D0-44CA-BCF5-2A70D9\C17998F4-8DF1-4E48-93DC-7D029A/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\Program Files\Microsoft AntiSpyware\Quarantine\2EFB5339-37D0-44CA-BCF5-2A70D9\C17998F4-8DF1-4E48-93DC-7D029A Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\System Volume Information\_restore{8BE9A8AE-7F26-4D81-81A0-1DF88CE307CE}\RP11\A0000289.exe/run.exe Infected: Trojan-Downloader.Win32.IstBar.is
C:\System Volume Information\_restore{8BE9A8AE-7F26-4D81-81A0-1DF88CE307CE}\RP11\A0000289.exe Infected: Trojan-Downloader.Win32.IstBar.is
C:\System Volume Information\_restore{8BE9A8AE-7F26-4D81-81A0-1DF88CE307CE}\RP11\A0000292.exe/run.exe Infected: Trojan-Downloader.Win32.IstBar.is
C:\System Volume Information\_restore{8BE9A8AE-7F26-4D81-81A0-1DF88CE307CE}\RP11\A0000292.exe Infected: Trojan-Downloader.Win32.IstBar.is
C:\WINDOWS\Smlt\asappsrv.dll Infected: not-a-virus:AdWare.Win32.CommAd.a
C:\WINDOWS\system32\dn8601lse.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\WINDOWS\system32\fnbn92rf.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao
C:\WINDOWS\system32\mjg6huph.dll Infected: not-a-virus:AdWare.Win32.Sahat.ad
C:\WINDOWS\system32\mocorier.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\WINDOWS\tool3.exe Infected: Trojan-Downloader.Win32.Adload.j

Scan process completed.
----------------------------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 10:49:05 PM, on 10/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Linksys\WUSB11 v25 Config Utility\WUSB11Cfg.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\palmOne\HOTSYNC.EXE
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Instant Wireless Configuration Utility.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O18 - Protocol: bw+0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-88764

#4
Linkmaster

    Visiting Staff

  • Member
  • 940 posts
You didn't seem to paste the entire log (nothing below the O18's showed up).

Can you post the entire log? I am now working on a fix for you!

Thank you!

Edited by Linkmaster, 01 November 2005 - 07:55 AM.


#5
JIMMYC

    Member

  • Topic Starter
  • Member
  • 12 posts
Hey Linkmaster

Sorry about the half log; here is the whole HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 10:49:05 PM, on 10/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Linksys\WUSB11 v25 Config Utility\WUSB11Cfg.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\palmOne\HOTSYNC.EXE
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Instant Wireless Configuration Utility.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O18 - Protocol: bw+0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: style32 - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Smlt\command.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

#6
JIMMYC

Hey Linkmaster

Sorry about the half log; here is the whole HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 10:49:05 PM, on 10/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Linksys\WUSB11 v25 Config Utility\WUSB11Cfg.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\palmOne\HOTSYNC.EXE
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Instant Wireless Configuration Utility.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O18 - Protocol: bw+0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: style32 - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Smlt\command.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
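A small triage pass over a HijackThis v1.99.1 log like the one posted above, as an added example that is not part of the thread: it flags entries whose target is missing, is a bare directory, or belongs to a service with an unknown owner, and collapses the repeated O18 protocol lines by handler DLL. The sample lines are copied from the log above; the function names and the three heuristics are assumptions of this example, and a flag only marks an entry for manual review.

```python
import re
from collections import Counter

# Entry lines copied from the log in the post above (an excerpt, not the full log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKCU\..\Run: [LDM] \Program\
O18 - Protocol: bw+0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: style32 - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Smlt\command.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
"""

# "R0 - ...", "O4 - ...", "O23 - ...": section code, separator, entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Body of an O18 line: "Protocol: <name> - {CLSID} - <handler path>".
PROTOCOL_RE = re.compile(
    r"^Protocol: (?P<name>\S+) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$"
)


def parse_entries(text):
    """Return (code, body) for each entry line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def review_reasons(code, body):
    """Heuristics assumed for this example; a hit means 'look at this entry by hand'."""
    reasons = []
    if body.endswith("(file missing)"):
        reasons.append("file missing")
    if code == "O23" and " - Unknown owner - " in body:
        reasons.append("unknown owner")
    if body.endswith("\\"):
        # The entry names a folder where a DLL or EXE path is expected.
        reasons.append("target is a directory, not a file")
    return reasons


def triage(text):
    """Return (entries to review, count of O18 protocols per (CLSID, handler DLL))."""
    review = []
    handlers = Counter()
    for code, body in parse_entries(text):
        reasons = review_reasons(code, body)
        if reasons:
            review.append((code, body, reasons))
        if code == "O18":
            match = PROTOCOL_RE.match(body)
            if match:
                dll = match.group("path").rsplit("\\", 1)[-1]
                handlers[(match.group("clsid"), dll)] += 1
    return review, handlers


if __name__ == "__main__":
    to_review, o18_handlers = triage(SAMPLE_LOG)
    for code, body, reasons in to_review:
        print(f"{code}: {body}  <- {', '.join(reasons)}")
    for (clsid, dll), count in o18_handlers.items():
        print(f"O18: {count} protocol(s) handled by {dll} {clsid}")
```
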

#7
Linkmaster

That's OK!! It happens. I have done that myself!!

Please disable Microsoft Antispyware, as it may hinder the removal of some entries. You can re-enable it after you're clean.

Right click on the Microsoft AntiSpyware icon (looks like a target) and click on :
Security Agents Status (Enabled)
Disable Real-time Protection

To re-enable it, follow the same steps but click on Enable Real-time Protection.

Go to Start, Run, type in services.msc then hit OK
Find and Right click on :

Command Service (if present) and click on Stop

Right click again and Select Properties
In the middle of the box click the down arrow and select Disable
Select Apply and OK, then close Services

Run HiJackThis
Click on "None of the above, just start the program"
Now, click on the "Config" button (bottom right)
Click on "Misc Tools"
Then click on "Delete an NT Service"; a window will pop up
Enter the below item into that field (copy and paste):

cmdservice

Click OK.
It should pull up information about the service. When it asks if you want to reboot now, click YES

Download win32delfkil.exe© by Marckie
Save it on your desktop.
Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil
Close all windows, open the win32delfkil folder and double click on fix.bat.
Your PC should reboot automatically

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put a check mark in the boxes, only next to these following items : (if present)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

O20 - Winlogon Notify: style32 - C:\WINDOWS\

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Smlt\command.exe (file missing)


Click Fix Checked

Run CCleaner again (set it up like these instructions)
SETUP
DO NOT USE THE ISSUES TAB!!!!
Open CCleaner
Options, Advanced: Uncheck "Only delete files in Windows Temp folders older than 48 hours" (for cleaning malware files!)

Options, Settings: Check "Run CCleaner when system starts" (optional)
Options, Settings: Check "Add 'Run Cleaner' option to Recycle Bin context menu" (optional)

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Options>CustomFolders>Add Folder>Navigate to these folders (click on bold file once and hit OK) :
* C:\Windows\Temp
* C:\Windows\Prefetch
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files (This will delete all your cached internet content including cookies.)
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp
* C:\Documents and Settings\<Your Profile>\Cookies
* C:\Documents and Settings\<Any other users Profile>\Cookies
Hit OK
In left pane, scroll down to "Advanced, Custom Folders", put a check in Custom Folders
Then click on Run Cleaner
Put check in box to not show message again.
It will automatically clean.

Close out CCleaner.

If you would, run Ewido Security Suite again and let it clean these entries (if present) (Do Not Ignore Them):

HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Ignored
:mozilla.23:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Ignored
:mozilla.24:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Ignored
:mozilla.25:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.247realmedia : Ignored
:mozilla.26:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.247realmedia : Ignored
:mozilla.27:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.247realmedia : Ignored
:mozilla.28:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.29:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.30:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.31:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.32:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.33:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.34:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.35:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.36:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.37:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.38:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.39:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.40:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.41:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.42:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.43:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.44:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.45:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.46:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.47:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.48:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.49:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.63:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Ignored
:mozilla.64:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Ignored
:mozilla.65:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Ignored
:mozilla.68:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Clickhype : Ignored
:mozilla.84:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Pointroll : Ignored
:mozilla.85:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Pointroll : Ignored
:mozilla.86:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Pointroll : Ignored
:mozilla.87:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Pointroll : Ignored
:mozilla.111:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Falkag : Ignored
:mozilla.121:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Falkag : Ignored
:mozilla.122:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Falkag : Ignored
:mozilla.123:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Falkag : Ignored
:mozilla.124:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Falkag : Ignored
:mozilla.125:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Falkag : Ignored
:mozilla.141:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Serving-sys : Ignored
:mozilla.142:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Burstnet : Ignored
:mozilla.154:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Casalemedia : Ignored
:mozilla.155:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Casalemedia : Ignored
:mozilla.156:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Centrport : Ignored
:mozilla.172:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Com : Ignored
:mozilla.173:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Com : Ignored
:mozilla.178:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Sexcounter : Ignored
:mozilla.179:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Sexcounter : Ignored
:mozilla.180:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Sexcounter : Ignored
:mozilla.181:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Sexcounter : Ignored
:mozilla.182:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Sexcounter : Ignored
:mozilla.183:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Sexcounter : Ignored
:mozilla.184:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Sexcounter : Ignored
:mozilla.185:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Sexcounter : Ignored
:mozilla.186:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Sexcounter : Ignored
:mozilla.187:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Sexcounter : Ignored
:mozilla.188:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Sexcounter : Ignored
:mozilla.189:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Sexcounter : Ignored
:mozilla.190:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Sexcounter : Ignored
:mozilla.191:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Sexcounter : Ignored
:mozilla.192:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Sexcounter : Ignored
:mozilla.193:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Sexcounter : Ignored
:mozilla.194:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Sexcounter : Ignored
:mozilla.195:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Sexcounter : Ignored
:mozilla.196:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Sexcounter : Ignored
:mozilla.197:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Sexcounter : Ignored
:mozilla.220:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Esomniture : Ignored
:mozilla.221:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Esomniture : Ignored
:mozilla.222:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Esomniture : Ignored
:mozilla.223:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Esomniture : Ignored
:mozilla.224:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Esomniture : Ignored
:mozilla.225:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Esomniture : Ignored
:mozilla.226:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Esomniture : Ignored
:mozilla.227:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Esomniture : Ignored
:mozilla.228:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Esomniture : Ignored
:mozilla.229:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Esomniture : Ignored
:mozilla.230:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Esomniture : Ignored
:mozilla.231:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Esomniture : Ignored
:mozilla.232:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Esomniture : Ignored
:mozilla.233:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Esomniture : Ignored
:mozilla.234:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Esomniture : Ignored
:mozilla.235:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Esomniture : Ignored
:mozilla.237:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Esomniture : Ignored
:mozilla.238:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Esomniture : Ignored
:mozilla.239:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Esomniture : Ignored
:mozilla.240:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Esomniture : Ignored
:mozilla.241:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Esomniture : Ignored
:mozilla.242:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Esomniture : Ignored
:mozilla.243:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Esomniture : Ignored
:mozilla.244:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Esomniture : Ignored
:mozilla.245:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Esomniture : Ignored
:mozilla.246:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Esomniture : Ignored
:mozilla.247:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Esomniture : Ignored
:mozilla.248:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Esomniture : Ignored
:mozilla.266:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Ru4 : Ignored
:mozilla.267:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Ru4 : Ignored
:mozilla.326:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Hypertracker : Ignored
:mozilla.333:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Masterstats : Ignored
:mozilla.377:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.380:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.428:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Overture : Ignored
:mozilla.429:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Overture : Ignored
:mozilla.435:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Paycounter : Ignored
:mozilla.442:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Overture : Ignored
:mozilla.450:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Qksrv : Ignored
:mozilla.451:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Qksrv : Ignored
:mozilla.452:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Questionmarket : Ignored
:mozilla.466:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Revenue : Ignored
:mozilla.475:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Adjuggler : Ignored
:mozilla.476:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Adjuggler : Ignored
:mozilla.477:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Liveperson : Ignored
:mozilla.478:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Liveperson : Ignored
:mozilla.492:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Liveperson : Ignored
:mozilla.493:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Liveperson : Ignored
:mozilla.494:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Liveperson : Ignored
:mozilla.495:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Serving-sys : Ignored
:mozilla.496:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Serving-sys : Ignored
:mozilla.497:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Serving-sys : Ignored
:mozilla.498:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Serving-sys : Ignored
:mozilla.499:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Serving-sys : Ignored
:mozilla.509:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Spylog : Ignored
:mozilla.510:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.511:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.512:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.513:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.514:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.515:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.516:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.517:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.518:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.519:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.520:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.521:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.545:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Trafficmp : Ignored
:mozilla.546:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Trafficmp : Ignored
:mozilla.593:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Ignored
:mozilla.698:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Ignored
:mozilla.699:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Ignored
:mozilla.700:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Ignored
:mozilla.701:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Ignored
:mozilla.702:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Adserver : Ignored
:mozilla.703:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Adserver : Ignored
:mozilla.704:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Adserver : Ignored
:mozilla.705:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Adserver : Ignored
:mozilla.710:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Ignored
:mozilla.711:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Ignored
:mozilla.713:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Ignored
:mozilla.714:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\po202w1g.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Ignored
C:\Documents and Settings\Jim\Cookies\jim@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Ignored
C:\Documents and Settings\Jim\Cookies\jim@2o7[1].txt -> Spyware.Cookie.2o7 : Ignored
C:\Documents and Settings\Jim\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Ignored
C:\Documents and Settings\Jim\Cookies\[email protected][2].txt -> Spyware.Cookie.Addynamix : Ignored
C:\Documents and Settings\Jim\Cookies\jim@advertising[1].txt -> Spyware.Cookie.Advertising : Ignored
C:\Documents and Settings\Jim\Cookies\jim@adviva[2].txt -> Spyware.Cookie.Adviva : Ignored
C:\Documents and Settings\Jim\Cookies\jim@atdmt[2].txt -> Spyware.Cookie.Atdmt : Ignored
C:\Documents and Settings\Jim\Cookies\jim@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Ignored
C:\Documents and Settings\Jim\Cookies\jim@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Ignored
C:\Documents and Settings\Jim\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Ignored
C:\Documents and Settings\Jim\Cookies\jim@commission-junction[2].txt -> Spyware.Cookie.Commission-junction : Ignored
C:\Documents and Settings\Jim\Cookies\jim@com[2].txt -> Spyware.Cookie.Com : Ignored
C:\Documents and Settings\Jim\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitslink : Ignored
C:\Documents and Settings\Jim\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitslink : Ignored
C:\Documents and Settings\Jim\Cookies\[email protected][2].txt -> Spyware.Cookie.Sexcounter : Ignored
C:\Documents and Settings\Jim\Cookies\jim@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Ignored
C:\Documents and Settings\Jim\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Ignored
C:\Documents and Settings\Jim\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Ignored
C:\Documents and Settings\Jim\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Ignored
C:\Documents and Settings\Jim\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Ignored
C:\Documents and Settings\Jim\Cookies\jim@estat[1].txt -> Spyware.Cookie.Estat : Ignored
C:\Documents and Settings\Jim\Cookies\jim@fastclick[1].txt -> Spyware.Cookie.Fastclick : Ignored
C:\Documents and Settings\Jim\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Ignored
C:\Documents and Settings\Jim\Cookies\jim@hitbox[2].txt -> Spyware.Cookie.Hitbox : Ignored
C:\Documents and Settings\Jim\Cookies\jim@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Ignored
C:\Documents and Settings\Jim\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Ignored
C:\Documents and Settings\Jim\Cookies\[email protected][2].txt -> Spyware.Cookie.Com : Ignored
C:\Documents and Settings\Jim\Cookies\jim@paycounter[2].txt -> Spyware.Cookie.Paycounter : Ignored
C:\Documents and Settings\Jim\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Ignored
C:\Documents and Settings\Jim\Cookies\jim@pro-market[2].txt -> Spyware.Cookie.Pro-market : Ignored
C:\Documents and Settings\Jim\Cookies\jim@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Ignored
C:\Documents and Settings\Jim\Cookies\[email protected][2].txt -> Spyware.Cookie.Advertising : Ignored
C:\Documents and Settings\Jim\Cookies\[email protected][1].txt -> Spyware.Cookie.Liveperson : Ignored
C:\Documents and Settings\Jim\Cookies\jim@statcounter[1].txt -> Spyware.Cookie.Statcounter : Ignored
C:\Documents and Settings\Jim\Cookies\[email protected][1].txt -> Spyware.Cookie.Webtrendslive : Ignored
C:\Documents and Settings\Jim\Cookies\jim@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Ignored
C:\Documents and Settings\Jim\Cookies\jim@valueclick[1].txt -> Spyware.Cookie.Valueclick : Ignored
C:\Documents and Settings\Jim\Cookies\[email protected][2].txt -> Spyware.Cookie.Realtracker : Ignored
C:\Documents and Settings\Jim\Cookies\jim@weborama[1].txt -> Spyware.Cookie.Weborama : Ignored
C:\Documents and Settings\Jim\Cookies\[email protected][1].txt -> Spyware.Cookie.Myaffiliateprogram : Ignored
C:\Documents and Settings\Jim\Local Settings\Temp\Cookies\jim@com[2].txt -> Spyware.Cookie.Com : Ignored
C:\Documents and Settings\Jim\Local Settings\Temp\Rar$EX00.250\crackmasters.exe/loadadv458.exe -> TrojanDownloader.Small.brk : Ignored
C:\Documents and Settings\Jim\Local Settings\Temp\Rar$EX00.250\crackmasters.exe/loadadv458.exe -> TrojanDownloader.Small.brk : Ignored
C:\Documents and Settings\Jim\Local Settings\Temp\Temporary Internet Files\Content.IE5\NXL3LZEZ\drsmartload_js[1].htm -> TrojanDownloader.IstBar.j : Ignored
C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\WXE3SHM3\AppWrap[1].exe -> TrojanDropper.Agent.pb : Ignored
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll -> TrojanSpy.Agent.bu : Ignored
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll -> TrojanSpy.Agent.bu : Ignored
C:\WINDOWS\Smlt\asappsrv.dll -> Spyware.CommAd : Ignored
C:\WINDOWS\system32\dn8601lse.dll -> Spyware.Look2Me : Ignored
C:\WINDOWS\system32\mjg6huph.dll -> Adware.Saha : Ignored
C:\WINDOWS\system32\mocorier.dll -> Spyware.Look2Me : Ignored
C:\WINDOWS\tool3.exe -> TrojanDownloader.VB.qr : Ignored


Reboot, run HijackThis and post a fresh HijackThis log, Ewido log and the windelf.txt here

Edited by Linkmaster, 02 November 2005 - 06:29 AM.


#8
JIMMYC

  • Topic Starter
  • Member
  • 12 posts
Hey Linkmaster

I did as you instructed. Here are the HijackThis log and Ewido log, but I can't figure out how to get the windelf.txt. Please instruct me how to retrieve this.

Here are the other logs

Thanks a lot for your help

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 2:00:25 PM, 11/2/2005
+ Report-Checksum: 68D20AA

+ Scan result:

HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll -> TrojanSpy.Agent.bu : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll -> TrojanSpy.Agent.bu : Cleaned with backup
C:\WINDOWS\Smlt\asappsrv.dll -> Spyware.CommAd : Cleaned with backup
C:\WINDOWS\system32\dn8601lse.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mocorier.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\tool3.exe -> TrojanDownloader.VB.qr : Cleaned with backup


::Report End



Logfile of HijackThis v1.99.1
Scan saved at 2:05:32 PM, on 11/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Linksys\WUSB11 v25 Config Utility\WUSB11Cfg.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Instant Wireless Configuration Utility.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O18 - Protocol: bw+0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {CE62E8E3-DEC8-4E52-AC01-3F30B9002F21} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

#9
Linkmaster

    Visiting Staff

  • Member
  • 940 posts
You are very welcome !!

It is located C:\windelf.txt (my mistake)

How is your system running now ??

Congratulations! Your log is CLEAN !!

Here are a few tools that I recommend for protecting your system and keeping your system clean !!

Real Time Prevention
SpywareBlaster

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program, like a missing file, see the link at the bottom of the javacool page.
IESpyad© by EHowes: This will add several hundred Restricted Sites to the Restricted site zone in IE.

Cleaner:
CCleaner is a good app to clean out temp files, cookies, the Recent folder (Win2000) and Prefetch folder (XP), etc.

Spyware Scanners:
Ad-aware SE: Scans your system for spyware and other threats.
a² Scanner: Scans for Malware and Trojans on your system.

Good Free Antivirus Programs:
AVG
Avast!
NOTE: Remember to always have just 1 antivirus program running at a time. Having more than one running causes a conflict between the programs !! You can use one as a backup to run manually.

Windows Update:
It's also very important to keep your system up to date to avoid unnecessary security risks
Windows Update

Firewalls:
If you have an "always on" internet connection, such as DSL or Cable, I recommend a Firewall.
A firewall will make your pc invisible to the outside world and will filter the outgoing and incoming traffic on your pc.
For a good idea of how vulnerable your system(s) are, go to GRC.
Scroll down to "Shields Up", click on "Proceed", then click on "Common Ports" to scan your ports.
2 very good Firewalls:
Sygate
ZoneAlarm

These next steps are optional, but will provide the greatest protection
Use ANY browser besides Internet Explorer; almost every exploit is crafted to take advantage of an IE weakness.
Alternative Browsers:
FireFox
Opera

Sun's Java. It's much more secure than Microsoft's Java Virtual Machine.

It's okay to delete the HijackThis folder if everything is working okay.

Always keep your Antivirus & Spyware Removal Tools current with the latest definitions and updates !!

Using these tools and keeping them updated will reduce the risk of future infections!!

Edited by Linkmaster, 02 November 2005 - 01:33 PM.


#10
JIMMYC

    Member

  • Topic Starter
  • Member
  • 12 posts
Hey Linkmaster

Here is the txt. What do you think about MS Antispyware, Spybot Search and Destroy? I appreciate all the advice. Thank you. You are now my favorite superhero LINKMASTER. I really appreciate everything, truly.

You're a true saviour

JimmyC




************************
* WIN32DELFKIL LOGFILE *
************************


BEFORE RUNNING WIN32DELFKIL
***************************

File(s) found in Windows directory
----------------------------------

File(s) found in system32 folder
--------------------------------

SharedTaskScheduler key
-----------------------

SteelWerX Registry Console Tool 1.0
Written by Bobbi Flekman © 2005

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon

Notify key
----------



AFTER RUNNING WIN32DELFKIL
**************************

File(s) found in Windows directory
----------------------------------

File(s) found in system32 folder
--------------------------------

SharedTaskScheduler key
-----------------------

SteelWerX Registry Console Tool 1.0
Written by Bobbi Flekman © 2005

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon

Notify key
----------

#11
JIMMYC

    Member

  • Topic Starter
  • Member
  • 12 posts
Hey Linkmaster

I just ran Ad-Aware SE and found 16 items to be erased. Which I guess means there may still be malware.

What should I do?

Thanks

Jimmyc

#12
Linkmaster

    Visiting Staff

  • Member
  • 940 posts
What are the items it found ??

Are they MRU's or Cookies ??

Run it again after a reboot. Let me know what it finds !!

#13
JIMMYC

    Member

  • Topic Starter
  • Member
  • 12 posts
Hi Linkmaster

There is
MRU List (1 object Total)
Tracking cookie (1 object Total)

on the second scan and erase.

What do you think of this?

JIMMYC

#14
JIMMYC

    Member

  • Topic Starter
  • Member
  • 12 posts
Here is the scan log

Ad-Aware SE Build 1.06r1
Logfile Created on:Wednesday, November 02, 2005 4:04:46 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R72 26.10.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):1 total references
Tracking Cookie(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R72 26.10.2005
Internal build : 84
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 539750 Bytes
Total size : 1615006 Bytes
Signature data size : 1581460 Bytes
Reference data size : 33034 Bytes
Signatures total : 44876
CSI Fingerprints total : 1056
CSI data size : 37714 Bytes
Target categories : 15
Target families : 765


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:35 %
Total physical memory:523804 kb
Available physical memory:180156 kb
Total page file size:1280092 kb
Available on page file:1025676 kb
Total virtual memory:2097024 kb
Available virtual memory:2048320 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


11-2-2005 4:04:46 PM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 584
ThreadCreationTime : 11-2-2005 8:58:26 PM
BasePriority : Normal


#:2 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : n/a
ProcessID : 848
ThreadCreationTime : 11-2-2005 8:58:31 PM
BasePriority : High


#:3 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : n/a
ProcessID : 892
ThreadCreationTime : 11-2-2005 8:58:32 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:4 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : n/a
ProcessID : 904
ThreadCreationTime : 11-2-2005 8:58:32 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:5 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : n/a
ProcessID : 1048
ThreadCreationTime : 11-2-2005 8:58:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 1148
ThreadCreationTime : 11-2-2005 8:58:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : n/a
ProcessID : 1644
ThreadCreationTime : 11-2-2005 8:58:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:8 [defwatch.exe]
ModuleName : C:\Program Files\NavNT\defwatch.exe
Command Line : n/a
ProcessID : 1756
ThreadCreationTime : 11-2-2005 8:58:35 PM
BasePriority : Normal
FileVersion : 7.60.00.926
ProductVersion : 7.60.00.926
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe

#:9 [ewidoctrl.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoctrl.exe
Command Line : n/a
ProcessID : 1804
ThreadCreationTime : 11-2-2005 8:58:35 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:10 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Command Line : n/a
ProcessID : 1836
ThreadCreationTime : 11-2-2005 8:58:35 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:11 [rtvscan.exe]
ModuleName : C:\Program Files\NavNT\rtvscan.exe
Command Line : n/a
ProcessID : 1872
ThreadCreationTime : 11-2-2005 8:58:35 PM
BasePriority : Normal
FileVersion : 7.60.00.926
ProductVersion : 7.60.00.926
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2000

#:12 [nvsvc32.exe]
ModuleName : C:\WINDOWS\system32\nvsvc32.exe
Command Line : n/a
ProcessID : 1908
ThreadCreationTime : 11-2-2005 8:58:35 PM
BasePriority : Normal
FileVersion : 6.14.10.4523
ProductVersion : 6.14.10.4523
ProductName : NVIDIA Driver Helper Service, Version 45.23
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 45.23
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:13 [hpzipm12.exe]
ModuleName : C:\WINDOWS\system32\HPZipm12.exe
Command Line : C:\WINDOWS\system32\HPZipm12.exe
ProcessID : 1920
ThreadCreationTime : 11-2-2005 8:58:35 PM
BasePriority : Normal
FileVersion : 10, 1, 0, 2
ProductVersion : 10, 1, 0, 2
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe

#:14 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 1988
ThreadCreationTime : 11-2-2005 8:58:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:15 [wscntfy.exe]
ModuleName : C:\WINDOWS\system32\wscntfy.exe
Command Line : C:\WINDOWS\system32\wscntfy.exe
ProcessID : 936
ThreadCreationTime : 11-2-2005 8:58:42 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Security Center Notification App
InternalName : wscntfy.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wscntfy.exe

#:16 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1480
ThreadCreationTime : 11-2-2005 8:58:42 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:17 [msgsys.exe]
ModuleName : C:\WINDOWS\system32\MsgSys.EXE
Command Line : MsgSys.EXE
ProcessID : 1800
ThreadCreationTime : 11-2-2005 8:58:44 PM
BasePriority : Normal
FileVersion : 6.0.201.0940 E
ProductVersion : 6.0
ProductName : Intel Common Base Agent
CompanyName : Intel Corporation
FileDescription : CBA -- Message System
InternalName : MsgExe
LegalCopyright : Copyright © 1997, 1998
LegalTrademarks : LANDesk ® is a registered trademark of Intel Corporation
OriginalFilename : MsgSys.EXE

#:18 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\RUNDLL32.EXE
Command Line : "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
ProcessID : 648
ThreadCreationTime : 11-2-2005 8:58:45 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:19 [vptray.exe]
ModuleName : C:\Program Files\NavNT\vptray.exe
Command Line : "C:\Program Files\NavNT\vptray.exe"
ProcessID : 908
ThreadCreationTime : 11-2-2005 8:58:45 PM
BasePriority : Normal
FileVersion : 7.60.00.926
ProductVersion : 7.60.00.926
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2000

#:20 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe"
ProcessID : 1308
ThreadCreationTime : 11-2-2005 8:58:46 PM
BasePriority : Normal


#:21 [acrotray.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
Command Line : "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
ProcessID : 1532
ThreadCreationTime : 11-2-2005 8:58:46 PM
BasePriority : Normal
FileVersion : 6.0.1.2004121400
ProductVersion : 6.0.1.2004121400
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright 1984-2004 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroTray.exe

#:22 [hpwuschd2.exe]
ModuleName : C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Command Line : "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
ProcessID : 2212
ThreadCreationTime : 11-2-2005 8:58:48 PM
BasePriority : Normal
FileVersion : 50.0.146.000
ProductVersion : 050.000.146.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : Hewlett-Packard Product Assistant
InternalName : hpwuSchd2
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : hpwuSchd2.exe
Comments : Hewlett-Packard Product Assistant

#:23 [atidtct.exe]
ModuleName : C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
Command Line : "C:\Program Files\ATI Multimedia\main\ATIDtct.EXE"
ProcessID : 2312
ThreadCreationTime : 11-2-2005 8:58:48 PM
BasePriority : Normal
FileVersion : 9.08.000
ProductVersion : 9.08
ProductName : ATI Multimedia Center
CompanyName : ATI Technologies Inc.
FileDescription : ATI Device Detection Application
InternalName : AtiDtct
LegalCopyright : Copyright © 2005 ATI Technologies Inc.
OriginalFilename : AtiDtct.EXE

#:24 [gcasdtserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe"
ProcessID : 2612
ThreadCreationTime : 11-2-2005 8:58:51 PM
BasePriority : Normal
FileVersion : 1.00.0615
ProductVersion : 1.00.0615
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:25 [status~1.exe]
ModuleName : C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
Command Line : C:\PROGRA~1\HEWLET~1\TOOLBOX\STATUS~1\STATUS~1.EXE /AUTO
ProcessID : 2928
ThreadCreationTime : 11-2-2005 8:59:02 PM
BasePriority : Normal
FileVersion : 04 .00 .01
ProductVersion : 04 .00 .01
ProductName : Hewlett-Packard T-TR Status Client
CompanyName : Hewlett-Packard
FileDescription : Hewlett-Packard T-TR Status Client
InternalName : StatusClient.exe
LegalCopyright : Copyright © 2002-2003 Hewlett-Packard Company
LegalTrademarks : All Rights Reserved.
OriginalFilename : StatusClient.exe

#:26 [dvzmsgr.exe]
ModuleName : C:\WINDOWS\DvzCommon\DvzMsgr.exe
Command Line : "C:\WINDOWS\DvzCommon\DvzMsgr.exe"
ProcessID : 2940
ThreadCreationTime : 11-2-2005 8:59:02 PM
BasePriority : Normal


#:27 [hpqtra08.exe]
ModuleName : C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Command Line : "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"
ProcessID : 2952
ThreadCreationTime : 11-2-2005 8:59:03 PM
BasePriority : Normal
FileVersion : 45.4.157.000
ProductVersion : 045.004.157.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor
InternalName : HPQTRA00
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor

#:28 [wusb11cfg.exe]
ModuleName : C:\Program Files\Linksys\WUSB11 v25 Config Utility\WUSB11Cfg.exe
Command Line : "C:\Program Files\Linksys\WUSB11 v25 Config Utility\WUSB11Cfg.exe"
ProcessID : 2992
ThreadCreationTime : 11-2-2005 8:59:03 PM
BasePriority : Normal
FileVersion : 2.97.15.216
ProductVersion : 2.97.15.216
ProductName : Instant Wireless Configuration Utility
CompanyName : The Linksys Group, Inc.
FileDescription : Instant Wireless Configuration Utility
InternalName : WUSB11Cfg.EXE
LegalCopyright : Copyright © 2002, Linksys
LegalTrademarks : Instant Wireless
OriginalFilename : WUSB11Cfg.EXE
Comments : Instant Wireless Configuration Utility

#:29 [wzqkpick.exe]
ModuleName : C:\Program Files\WinZip\WZQKPICK.EXE
Command Line : "C:\Program Files\WinZip\WZQKPICK.EXE"
ProcessID : 3168
ThreadCreationTime : 11-2-2005 8:59:06 PM
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 8.1 (4319)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2001 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:30 [hotsync.exe]
ModuleName : C:\Program Files\palmOne\HOTSYNC.EXE
Command Line : "C:\Program Files\palmOne\HOTSYNC.EXE"
ProcessID : 3204
ThreadCreationTime : 11-2-2005 8:59:07 PM
BasePriority : Normal
FileVersion : 4.0.4
ProductVersion : 4.1.0
ProductName : HotSync® Manager, Palm Desktop
CompanyName : Palm, Inc.
FileDescription : HotSync® Manager Application
InternalName : HotSync®
LegalCopyright : Copyright © 1995-2001 Palm, Inc.
LegalTrademarks : HotSync® is a registered trademark of Palm, Inc.
OriginalFilename : Hotsync.exe

#:31 [hpqgalry.exe]
ModuleName : C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
Command Line : "C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe" -s
ProcessID : 3856
ThreadCreationTime : 11-2-2005 8:59:18 PM
BasePriority : Normal


#:32 [javaw.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
Command Line : "C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe" -jar -Duser.dir="C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0" "C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\bin\bootstrap.jar" start
ProcessID : 3860
ThreadCreationTime : 11-2-2005 8:59:18 PM
BasePriority : Normal


#:33 [wuauclt.exe]
ModuleName : C:\WINDOWS\system32\wuauclt.exe
Command Line : n/a
ProcessID : 4004
ThreadCreationTime : 11-2-2005 8:59:27 PM
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:34 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1892
ThreadCreationTime : 11-2-2005 9:04:11 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

MRU List Object Recognized!
Location: : C:\Documents and Settings\Jim\recent
Description : list of recently opened documents



Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jim@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 10-31-2010 7:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 2



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
40 entries scanned.
New critical objects:0
Objects found so far: 2




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

4:18:59 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:14:13.359
Objects scanned:147401
Objects identified:1
Objects ignored:0
New critical objects:1

#15
Linkmaster

    Visiting Staff

  • Member
  • 940 posts
That's OK.
MRUs are things that you recently opened or used.

Here is a good idea of how to set up Adaware SE
Setup & Run AdAwareSE
Close ALL windows except Ad-Aware SE.

Click on the ‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.

Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window:

In the General window make sure the following are selected in green:

Under Safety:
Automatically save log-file
Automatically quarantine objects prior to removal
Safe Mode (always request confirmation)

Under Definitions:
Prompt to update outdated definitions - set the number of days

Click on the ‘Scanning’ button on the left and select in green:

Under Driver, Folders & Files:
Scan Within Archives

Under Select drives & folders to scan:
Choose all hard drives

Under Memory & Registry:all green
Scan Active Processes
Scan Registry
Deep Scan Registry
Scan my IE favorites for banned URL’s
Scan my Hosts file

Click on the ‘Advanced’ button on the left and select in green:

Under Shell Integration:
Move deleted files to recycle bin

Under Logfile Detail Level:all green
include additional object information
DESELECT - include negligible objects information
include environment information

Under Alternate Data Streams:
Don't log streams smaller than 0 bytes
Don't log ADS with the following names: CA_INOCULATEIT

Click the ‘Tweak’ button and select in green:

Under Scanning Engine:
Unload recognized processes during scanning
Scan registry for all users instead of current user only

Under Cleaning Engine:
Let Windows remove files in use at next reboot

Under Log Files:
Include basic Ad-aware SE settings in logfile
Include additional Ad-aware SE settings in logfile
Please do not check: Include Module list in logfile

Click on Proceed to save the settings.

Click Start

Choose Perform Full System Scan

Click Next and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.

If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window

Click on Next and check all the boxes in the window

Click next and OK to remove

Close AdawareSE

The one tracking cookie can be checked for removal as well. My wife goes to a legitimate site that Adaware SE tracks as Tracking.
If you follow the suggestions I outlined it will help !!


Is everything running ok now ??

If so I will close this thread !!

Edited by Linkmaster, 02 November 2005 - 03:30 PM.
