Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Strange, Uknown, Returning Hijack Spyware [RESOLVED]

Started by Midnight364 , Oct 27 2005 03:18 PM

This topic is locked

#1
Midnight364

Posted 27 October 2005 - 03:18 PM

Member

Member
63 posts

Somehow (I have no clue when or where) my own computer got infected with some spyware that interferes with the functionality of explorer.exe. That is, it completely freezes the active desktop and the system tray down at the bottom of the screen. I have to manually shutdown the explorer.exe process and execute commands to get Ad-Aware and Spybot running. They always find two or three problems and fix them. Then I reboot once and everything works happily again. But if I turn my computer off again, BAM. Whatever it is that freezes my explorer.exe is back. I want to stop this troublesome and tedious cycle, so here's a hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:36:23 PM, on 10/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\mysql\bin\mysqld-nt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\devldr32.exe
C:\Documents and Settings\Midnight\Desktop\Shortcuts\KeyCount\KeyCount.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\WINDOWS\system32\ATWTUSB.EXE
C:\WINDOWS\system32\TBLMOUSE.EXE
C:\WINDOWS\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Midnight\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =

localhost
O1 - Hosts: 68.3.107.49 l2authd.lineage2.com
O1 - Hosts: 205.238.40.1 winmx.com
O1 - Hosts: 205.238.40.1 www.winmx.com
O1 - Hosts: 205.238.40.1 err.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3523.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3524.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3525.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3526.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3527.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3528.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3529.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3523.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3524.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3525.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3526.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3527.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3528.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3529.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3523.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3524.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3525.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3526.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3527.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3528.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3529.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3523.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3524.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3525.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3526.z1304.winmx.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -

C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} -

C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} -

C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program

Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton

AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {BF2133B2-AB1D-42B6-AD4B-6BA9240F2044} -

C:\WINDOWS\System32\igmpgagnt.dll (file missing)
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} -

C:\WINDOWS\System32\nzdd.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft

Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {16F2455C-08DE-452C-BD72-05B3D487C7BA} - (no file)
O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} -

C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll
O3 - Toolbar: (no name) - {54E33768-46D9-4E1C-A46E-5854937E2D89} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -

C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program

Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program

Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft

Money\System\Activation.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

-noicon
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator

5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Atwtusb] RUNDLL32 FuncKey.DLL,ExtFuncCall AA
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control

Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\\Program Files\ATI

Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [wtadd_KeyCount.exe] C:\Documents and

Settings\Midnight\Desktop\Shortcuts\KeyCount\KeyCount.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather

Forecast\weather.exe
O4 - HKLM\..\Run: [G06s0Oob3] C:\WINDOWS\xlrrmgx.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [sais] c:\program files\180searchassistant\sais.exe
O4 - HKLM\..\Run: [PMT] C:\Program Files\Personal Money Tree\personalmoneytree.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection

Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Notmad Manager.lnk = C:\Program Files\Red Chair Software\Notmad

Explorer\notmgr.exe
O4 - Startup: Registration Prince of Persia Warrior Within.LNK = C:\Program

Files\UBISOFT\Prince of Persia Warrior Within\Support\Register\RegistrationReminder.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat

6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ImageFox.lnk.disabled
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard

5\ScannerFinder.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program

Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program

Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program

Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with GetRight - C:\Program

Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://c:\Program

Files\topMoxie\TEMP\limeshop_script.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program

Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program

Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program

Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program

Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -

C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program

Files\AIM\aim.exe
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program

Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} -

C:\Program Files\Free Surfer\FS20.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program

Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -

C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -

C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -

C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program

Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct0_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -

http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {05717986-A8C7-11D7-A03D-00104BCD089B} (W3IP Control) -

http://www.w3ip.com/W3ip.cab
O16 - DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} (Launcher Control) -

https://horizons.ist...ls/launcher.ocx
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -

http://messenger.zon...MineSweeper.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) -

http://us.chat1.yimg...v43/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -

http://a1540.g.akama...5/us/win/QuickT

imeInstaller.exe
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) -

http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -

http://messenger.zon...StatsClient.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) -

https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {9A19966F-AE0E-4699-8CCE-9B6F5F1C352C} (NPKXSite Control) -

http://211.172.247.2...kx/npkxsite.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) -

http://sc.groups.msn...eUC/MsnUpld.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) -

http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -

http://zone.msn.com/...ro.cab27513.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) -

http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BD5FBD60-8AA3-4060-92B9-A868B9FF2FCC} (Reversi Control) -

http://mirror.worldw...rsi/reversi.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) -

http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) -

http://liveca04.righ...l/java/RntX.cab
O18 - Protocol: bw+0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} -

C:\WINDOWS\system32\qlink32.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O20 - Winlogon Notify: st3i - C:\WINDOWS\q32493812.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe

Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -

C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) -

The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The

Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software -

C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common

Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation -

C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec

Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation -

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton

AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -

C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation -

C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program

Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner -

C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

#2
Midnight364

Posted 30 October 2005 - 06:36 PM

Member

Topic Starter
Member
63 posts

Just an update: (sorry for double-posting)

These are the names of the two infections that SpyBot keeps finding:

-EffectiveBandToolbar
-PSGuard.msmsgs

These have started coming back even though I haven't rebooted my computer.

Please, help, it keeps freezing my explorer.exe and GUI!

#3
Danny

Posted 30 October 2005 - 07:29 PM

Visiting Staff

Member
684 posts

Hi,

Can you turn wordwrap off? To do this:

In notepad, click "Format" then uncheck "Wordwrap".

Post a new HijackThis log.

Danny :tazz:

#4
Midnight364

Posted 30 October 2005 - 08:02 PM

Member

Topic Starter
Member
63 posts

[double-posted by mistake]

Edited by Midnight364, 30 October 2005 - 08:07 PM.

#5
Midnight364

Posted 30 October 2005 - 08:06 PM

Member

Topic Starter
Member
63 posts

Sure thing, here's the last HijackThis log without wordwrap:

Logfile of HijackThis v1.99.1
Scan saved at 1:36:23 PM, on 10/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\mysql\bin\mysqld-nt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\devldr32.exe
C:\Documents and Settings\Midnight\Desktop\Shortcuts\KeyCount\KeyCount.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\WINDOWS\system32\ATWTUSB.EXE
C:\WINDOWS\system32\TBLMOUSE.EXE
C:\WINDOWS\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Midnight\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 68.3.107.49 l2authd.lineage2.com
O1 - Hosts: 205.238.40.1 winmx.com
O1 - Hosts: 205.238.40.1 www.winmx.com
O1 - Hosts: 205.238.40.1 err.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3523.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3524.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3525.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3526.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3527.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3528.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3529.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3523.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3524.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3525.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3526.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3527.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3528.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3529.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3523.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3524.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3525.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3526.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3527.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3528.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3529.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3523.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3524.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3525.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3526.z1304.winmx.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {BF2133B2-AB1D-42B6-AD4B-6BA9240F2044} - C:\WINDOWS\System32\igmpgagnt.dll (file missing)
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {16F2455C-08DE-452C-BD72-05B3D487C7BA} - (no file)
O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll
O3 - Toolbar: (no name) - {54E33768-46D9-4E1C-A46E-5854937E2D89} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Atwtusb] RUNDLL32 FuncKey.DLL,ExtFuncCall AA
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [wtadd_KeyCount.exe] C:\Documents and Settings\Midnight\Desktop\Shortcuts\KeyCount\KeyCount.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [G06s0Oob3] C:\WINDOWS\xlrrmgx.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [sais] c:\program files\180searchassistant\sais.exe
O4 - HKLM\..\Run: [PMT] C:\Program Files\Personal Money Tree\personalmoneytree.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Notmad Manager.lnk = C:\Program Files\Red Chair Software\Notmad Explorer\notmgr.exe
O4 - Startup: Registration Prince of Persia Warrior Within.LNK = C:\Program Files\UBISOFT\Prince of Persia Warrior Within\Support\Register\RegistrationReminder.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ImageFox.lnk.disabled
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://c:\Program Files\topMoxie\TEMP\limeshop_script.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct0_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {05717986-A8C7-11D7-A03D-00104BCD089B} (W3IP Control) - http://www.w3ip.com/W3ip.cab
O16 - DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} (Launcher Control) - https://horizons.ist...ls/launcher.ocx
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v43/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {9A19966F-AE0E-4699-8CCE-9B6F5F1C352C} (NPKXSite Control) - http://211.172.247.2...kx/npkxsite.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn...eUC/MsnUpld.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab27513.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BD5FBD60-8AA3-4060-92B9-A868B9FF2FCC} (Reversi Control) - http://mirror.worldw...rsi/reversi.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca04.righ...l/java/RntX.cab
O18 - Protocol: bw+0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\WINDOWS\system32\qlink32.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O20 - Winlogon Notify: st3i - C:\WINDOWS\q32493812.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

#6
Danny

Posted 31 October 2005 - 06:10 AM

Visiting Staff

Member
684 posts

Hi,

You Have a CoolWebSearch Infection.
Please Download CoolWebShredder, from http://www.geekstogo...=download&id=17 , Extract it & run the program. Click the Next Button & let it scan. Make sure you let it fix all CWS Remnants. Afterwards, Please Post a fresh HijackThis log.

Open HijackThis, click the "Scan" button, and check the following items (If present):

O1 - Hosts: 68.3.107.49 l2authd.lineage2.com
O1 - Hosts: 205.238.40.1 winmx.com
O1 - Hosts: 205.238.40.1 www.winmx.com
O1 - Hosts: 205.238.40.1 err.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3523.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3524.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3525.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3526.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3527.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3528.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3529.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3523.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3524.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3525.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3526.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3527.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3528.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3529.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3523.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3524.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3525.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3526.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3527.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3528.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3529.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3523.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3524.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3525.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3526.z1304.winmx.com
O2 - BHO: (no name) - {BF2133B2-AB1D-42B6-AD4B-6BA9240F2044} - C:\WINDOWS\System32\igmpgagnt.dll (file missing)
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd.dll
O3 - Toolbar: (no name) - {16F2455C-08DE-452C-BD72-05B3D487C7BA} - (no file)
O3 - Toolbar: (no name) - {54E33768-46D9-4E1C-A46E-5854937E2D89} - (no file)
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [G06s0Oob3] C:\WINDOWS\xlrrmgx.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [sais] c:\program files\180searchassistant\sais.exe
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {9A19966F-AE0E-4699-8CCE-9B6F5F1C352C} (NPKXSite Control) - http://211.172.247.2...kx/npkxsite.cab
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\WINDOWS\system32\qlink32.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O20 - Winlogon Notify: st3i - C:\WINDOWS\q32493812.dll

Close all windows except HijackThis, and click the "Fix Checked" button.

Reboot and post a new log.

Danny :tazz:

#7
Midnight364

Posted 31 October 2005 - 09:07 AM

Member

Topic Starter
Member
63 posts

Okay, ran CWshredder and it fixed a couple of things. My interface didn't freeze up when I rebooted.
I have to run out to work right now, but I'll run Hijackthis and fix the problems when I get home.

Just for reference, I modified my hosts file to access some servers, so everything marked O1 in that list you posted was stuff I added myself.

Here's the post-CWshredder HJT log:
-------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 7:04:10 AM, on 10/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\mysql\bin\mysqld-nt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\ATWTUSB.EXE
C:\Documents and Settings\Midnight\Desktop\Shortcuts\KeyCount\KeyCount.exe
C:\WINDOWS\system32\TBLMOUSE.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\Program Files\Personal Money Tree\personalmoneytree.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\Program Files\Red Chair Software\Notmad Explorer\notmgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Midnight\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 68.3.107.49 l2authd.lineage2.com
O1 - Hosts: 205.238.40.1 winmx.com
O1 - Hosts: 205.238.40.1 www.winmx.com
O1 - Hosts: 205.238.40.1 err.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3523.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3524.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3525.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3526.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3527.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3528.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3529.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3523.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3524.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3525.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3526.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3527.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3528.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3529.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3523.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3524.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3525.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3526.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3527.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3528.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3529.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3523.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3524.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3525.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3526.z1304.winmx.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {BF2133B2-AB1D-42B6-AD4B-6BA9240F2044} - C:\WINDOWS\System32\igmpgagnt.dll (file missing)
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {16F2455C-08DE-452C-BD72-05B3D487C7BA} - (no file)
O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll
O3 - Toolbar: (no name) - {54E33768-46D9-4E1C-A46E-5854937E2D89} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Atwtusb] RUNDLL32 FuncKey.DLL,ExtFuncCall AA
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [wtadd_KeyCount.exe] C:\Documents and Settings\Midnight\Desktop\Shortcuts\KeyCount\KeyCount.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [G06s0Oob3] C:\WINDOWS\xlrrmgx.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [sais] c:\program files\180searchassistant\sais.exe
O4 - HKLM\..\Run: [PMT] C:\Program Files\Personal Money Tree\personalmoneytree.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Notmad Manager.lnk = C:\Program Files\Red Chair Software\Notmad Explorer\notmgr.exe
O4 - Startup: Registration Prince of Persia Warrior Within.LNK = C:\Program Files\UBISOFT\Prince of Persia Warrior Within\Support\Register\RegistrationReminder.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ImageFox.lnk.disabled
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://c:\Program Files\topMoxie\TEMP\limeshop_script.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct0_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {05717986-A8C7-11D7-A03D-00104BCD089B} (W3IP Control) - http://www.w3ip.com/W3ip.cab
O16 - DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} (Launcher Control) - https://horizons.ist...ls/launcher.ocx
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v43/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {9A19966F-AE0E-4699-8CCE-9B6F5F1C352C} (NPKXSite Control) - http://211.172.247.2...kx/npkxsite.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn...eUC/MsnUpld.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab27513.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BD5FBD60-8AA3-4060-92B9-A868B9FF2FCC} (Reversi Control) - http://mirror.worldw...rsi/reversi.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca04.righ...l/java/RntX.cab
O18 - Protocol: bw+0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O20 - Winlogon Notify: st3i - C:\WINDOWS\q43697250.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Midnight\Desktop\cwshredder.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

#8
Danny

Posted 31 October 2005 - 11:24 AM

Visiting Staff

Member
684 posts

Now, Please post the HijackThis log after the fixes.

Danny :tazz:

#9
Midnight364

Posted 31 October 2005 - 07:03 PM

Member

Topic Starter
Member
63 posts

I fixed all the stuff you asked me to using HijackThis (except the stuff in the hosts file that I added), and rebooted.
For some reason my interface froze again, though
Here's the newest log:
--------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 5:01:56 PM, on 10/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\mysql\bin\mysqld-nt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\ATWTUSB.EXE
C:\Documents and Settings\Midnight\Desktop\Shortcuts\KeyCount\KeyCount.exe
C:\WINDOWS\system32\TBLMOUSE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\Midnight\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 68.3.107.49 l2authd.lineage2.com
O1 - Hosts: 205.238.40.1 winmx.com
O1 - Hosts: 205.238.40.1 www.winmx.com
O1 - Hosts: 205.238.40.1 err.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3523.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3524.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3525.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3526.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3527.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3528.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3529.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3523.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3524.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3525.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3526.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3527.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3528.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3529.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3523.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3524.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3525.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3526.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3527.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3528.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3529.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3523.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3524.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3525.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3526.z1304.winmx.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Atwtusb] RUNDLL32 FuncKey.DLL,ExtFuncCall AA
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [wtadd_KeyCount.exe] C:\Documents and Settings\Midnight\Desktop\Shortcuts\KeyCount\KeyCount.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PMT] C:\Program Files\Personal Money Tree\personalmoneytree.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Notmad Manager.lnk = C:\Program Files\Red Chair Software\Notmad Explorer\notmgr.exe
O4 - Startup: Registration Prince of Persia Warrior Within.LNK = C:\Program Files\UBISOFT\Prince of Persia Warrior Within\Support\Register\RegistrationReminder.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ImageFox.lnk.disabled
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://c:\Program Files\topMoxie\TEMP\limeshop_script.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct0_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {05717986-A8C7-11D7-A03D-00104BCD089B} (W3IP Control) - http://www.w3ip.com/W3ip.cab
O16 - DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} (Launcher Control) - https://horizons.ist...ls/launcher.ocx
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v43/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn...eUC/MsnUpld.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab27513.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BD5FBD60-8AA3-4060-92B9-A868B9FF2FCC} (Reversi Control) - http://mirror.worldw...rsi/reversi.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca04.righ...l/java/RntX.cab
O18 - Protocol: bw+0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Midnight\Desktop\cwshredder.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

#10
Danny

Posted 01 November 2005 - 06:15 AM

Visiting Staff

Member
684 posts

Hi,

Open HijackThis, and click the "Scan" button. Check the following items:

O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll

Close all windows except HijackThis and click the "Fix Checked" button.

Reboot and post a new log.

Danny :tazz:

#11
Midnight364

Posted 01 November 2005 - 06:06 PM

Member

Topic Starter
Member
63 posts

Here's the new log... seems like the file I deleted just came back:
---------------------------
Logfile of HijackThis v1.99.1
Scan saved at 3:59:27 PM, on 11/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ATWTUSB.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Documents and Settings\Midnight\Desktop\Shortcuts\KeyCount\KeyCount.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Personal Money Tree\personalmoneytree.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\system32\TBLMOUSE.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\mysql\bin\mysqld-nt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Red Chair Software\Notmad Explorer\notmgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Midnight\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 68.3.107.49 l2authd.lineage2.com
O1 - Hosts: 205.238.40.1 winmx.com
O1 - Hosts: 205.238.40.1 www.winmx.com
O1 - Hosts: 205.238.40.1 err.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3523.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3524.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3525.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3526.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3527.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3528.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3529.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3523.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3524.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3525.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3526.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3527.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3528.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3529.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3523.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3524.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3525.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3526.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3527.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3528.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3529.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3523.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3524.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3525.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3526.z1304.winmx.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Atwtusb] RUNDLL32 FuncKey.DLL,ExtFuncCall AA
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [wtadd_KeyCount.exe] C:\Documents and Settings\Midnight\Desktop\Shortcuts\KeyCount\KeyCount.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PMT] C:\Program Files\Personal Money Tree\personalmoneytree.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Notmad Manager.lnk = C:\Program Files\Red Chair Software\Notmad Explorer\notmgr.exe
O4 - Startup: Registration Prince of Persia Warrior Within.LNK = C:\Program Files\UBISOFT\Prince of Persia Warrior Within\Support\Register\RegistrationReminder.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ImageFox.lnk.disabled
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://c:\Program Files\topMoxie\TEMP\limeshop_script.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct0_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {05717986-A8C7-11D7-A03D-00104BCD089B} (W3IP Control) - http://www.w3ip.com/W3ip.cab
O16 - DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} (Launcher Control) - https://horizons.ist...ls/launcher.ocx
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v43/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn...eUC/MsnUpld.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab27513.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BD5FBD60-8AA3-4060-92B9-A868B9FF2FCC} (Reversi Control) - http://mirror.worldw...rsi/reversi.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca04.righ...l/java/RntX.cab
O18 - Protocol: bw+0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Midnight\Desktop\cwshredder.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

#12
Danny

Posted 01 November 2005 - 09:09 PM

Visiting Staff

Member
684 posts

Hi,

You have the latest version of VX2. Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe.

Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

Danny :tazz:

#13
Midnight364

Posted 01 November 2005 - 09:48 PM

Member

Topic Starter
Member
63 posts

Here's the L2MFix log:
------------------------------------------

L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\st3]
"DLLName"="C:\\WINDOWS\\system32\\st3.dll"
"logoff"="WACLEventLogoff"
"lock"="WACLEventLock"
"logon"="WACLEventLogon"
"startup"="WACLEventStartup"
"shutdown"="WACLEventShutdown"
"startshell"="WACLEventStartShell"
"unlock"="WACLEventUnlock"
"startscreensaver"="WACLEventStartScreenSaver"
"stopscreensaver"="WACLEventStopScreenSaver"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
"Asynchronous"=dword:00000000
"DllName"="C:\\PROGRA~1\\Stardock\\OBJECT~1\\WINDOW~1\\fastload.dll"
"Startup"="StartSys"
"Logon"="StartWB"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{0ABA1208-C44E-4006-B481-AB48F64B391C}"=""
"SV1"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}"="dBpowerAMP Music Converter"
"{8f7261d0-d2b9-11d2-9909-00605205b24c}"="CuteFTP Shell Extension"
"{68f32140-2ca3-11d0-acc1-444553540000}"="PicaView"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{C81DCBCA-8AE2-41FC-9C39-78B160393210}"="RhinoShExt"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{5464D816-CF16-4784-B9F3-75C0DB52B499}"="Yahoo! Mail"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{BB7DF450-F119-11CD-8465-00AA00425D90}"="Microsoft Access Custom Icon Handler"
"{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"="jetAudio"
"{3FCEF010-09A4-11D4-8D3B-D12F9D3D8B02}"="TIShelEx Shell Extension"
"{2F5AC606-70CF-461C-BFE1-734234536262}"="WindowBlinds CPL Extension"
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"="Adobe.Acrobat.ContextMenu"
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}"="ICQ Lite Shell Extension"
"{BBA7EB3F-97AB-4EBD-BCA2-C3C8DBED444F}"="Notmad Explorer Zen"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ACDFDEFC-5FD7-487D-91DC-365235188666}]
@="TIGroupExplorer.Group"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
9d525c~1.dll Sun Aug 21 2005 7:56:24p ..SHR 80 0.08 K
browseui.dll Fri Sep 2 2005 3:52:04p A.... 1,019,904 996.00 K
cdfview.dll Fri Sep 2 2005 3:52:04p A.... 151,040 147.50 K
cdosys.dll Fri Sep 9 2005 5:53:42p A.... 2,067,968 1.97 M
cmdlin~1.dll Mon Sep 12 2005 1:17:34p A.... 98,304 96.00 K
danim.dll Fri Sep 2 2005 3:52:04p A.... 1,053,696 1.00 M
dxtrans.dll Fri Sep 2 2005 3:52:04p A.... 205,312 200.50 K
extmgr.dll Fri Sep 2 2005 3:52:04p ..... 55,808 54.50 K
iepeers.dll Fri Sep 2 2005 3:52:04p A.... 251,392 245.50 K
inseng.dll Fri Sep 2 2005 3:52:04p A.... 96,256 94.00 K
linkinfo.dll Wed Aug 31 2005 5:41:54p A.... 19,968 19.50 K
mshtml.dll Tue Oct 4 2005 4:26:00p A.... 3,015,168 2.88 M
mshtmled.dll Fri Sep 2 2005 3:52:06p A.... 448,512 438.00 K
msrating.dll Fri Sep 2 2005 3:52:06p A.... 146,432 143.00 K
mstime.dll Fri Sep 2 2005 3:52:06p A.... 530,432 518.00 K
netman.dll Mon Aug 22 2005 10:29:46a A.... 197,632 193.00 K
pngfilt.dll Fri Sep 2 2005 3:52:06p A.... 39,424 38.50 K
quartz.dll Mon Aug 29 2005 7:54:26p A.... 1,287,168 1.23 M
shdocvw.dll Fri Sep 2 2005 3:52:06p A.... 1,483,776 1.41 M
shell32.dll Thu Sep 22 2005 7:05:30p A.... 8,450,560 8.06 M
shlwapi.dll Fri Sep 2 2005 3:52:06p A.... 473,600 462.50 K
st3.dll Tue Oct 25 2005 5:38:58a A.... 70,144 68.50 K
umpnpmgr.dll Mon Aug 22 2005 7:35:42p A.... 123,392 120.50 K
urlmon.dll Fri Sep 2 2005 3:52:06p A.... 608,768 594.50 K
wininet.dll Fri Sep 2 2005 3:52:06p A.... 658,432 643.00 K
winsrv.dll Wed Aug 31 2005 5:41:54p A.... 291,840 285.00 K

26 items found: 26 files (1 H/S), 0 directories.
Total of file sizes: 22,845,008 bytes 21.79 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 34E5-D50A

Directory of C:\WINDOWS\System32

08/21/2005 07:56 PM 80 9D525C4804.dll
07/05/2005 02:29 PM <DIR> DLLCACHE
10/28/2004 07:54 PM 1,890 KGyGaAvL.sys
04/24/2002 10:14 PM <DIR> Microsoft
2 File(s) 1,970 bytes
2 Dir(s) 8,646,238,208 bytes free

#14
Danny

Posted 02 November 2005 - 06:20 AM

Visiting Staff

Member
684 posts

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):

Click the Free Trial link under to "SpySweeper" to download the program.
Install it.
Once the program is installed, it will open.
It will prompt you to update to the latest definitions, click Yes.
Once the definitions are installed, click Sweep Now on the left side.
Click the Start button.
When it's done scanning, click the Next button.
Make sure everything has a check next to it, then click the Next button.
It will remove all of the items found.
Click Session Log in the upper right corner, copy everything in that window.
Click the Summary tab and click Finish.
Paste the contents of the session log you copied into your next reply, as well as a new HijackThis log.

Danny

#15
Midnight364

Posted 02 November 2005 - 05:55 PM

Member

Topic Starter
Member
63 posts

For some reason, Norton Antivirus keeps popping up these Virus Alerts every 5 minutes saying it found C:\Windows\System32\st3.dll and that it's denying access to the file. But I'm guessing that there's something that keeps trying to replace the file still on my system... otherwise why would these notifications keep popping up?

Spy Sweeper Log:
=====================================
********
7:07 AM: | Start of Session, Wednesday, November 02, 2005 |
7:07 AM: Spy Sweeper started
7:07 AM: Sweep initiated using definitions version 564
7:07 AM: Found Trojan Horse: trojan-downloader-2pursuit
7:07 AM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\st3\ || dllname (ID = 910576)
7:07 AM: st3.dll (ID = 910576)
7:07 AM: Starting Memory Sweep
7:08 AM: Detected running threat: C:\WINDOWS\SYSTEM32\st3.dll (ID = 178361)
7:09 AM: Found Adware: personal money tree
7:09 AM: Detected running threat: C:\Program Files\Personal Money Tree\personalmoneytree.exe (ID = 136094)
7:09 AM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || PMT (ID = 0)
7:10 AM: Memory Sweep Complete, Elapsed Time: 00:02:33
7:10 AM: Starting Registry Sweep
7:10 AM: Found Adware: apropos
7:10 AM: HKLM\software\microsoft\windows\currentversion\run\ || autoupdater (ID = 103803)
7:10 AM: Found Adware: exact cashback/bargain buddy
7:10 AM: HKLM\software\microsoft\windows\currentversion\app management\arpcache\bargain buddy\ (2 subtraces) (ID = 104023)
7:10 AM: Found Adware: delfin
7:10 AM: HKCR\interface\{2bb15d36-43be-4743-a3a0-3308f4b1a610}\ (8 subtraces) (ID = 124839)
7:10 AM: HKCR\interface\{41700749-a109-4254-af13-be54011e8783}\ (8 subtraces) (ID = 124840)
7:10 AM: HKLM\software\classes\interface\{2bb15d36-43be-4743-a3a0-3308f4b1a610}\ (8 subtraces) (ID = 124843)
7:10 AM: HKLM\software\classes\interface\{41700749-a109-4254-af13-be54011e8783}\ (8 subtraces) (ID = 124844)
7:10 AM: HKLM\software\microsoft\windows\currentversion\app management\arpcache\delfin media viewer\ (2 subtraces) (ID = 124859)
7:10 AM: HKLM\software\microsoft\windows\currentversion\uninstall\delfin media viewer\ (2 subtraces) (ID = 124878)
7:10 AM: Found Adware: ist istbar
7:10 AM: HKLM\software\classes\clsid\{dc341f1b-ec77-47be-8f58-96e83861cc5a}\ (3 subtraces) (ID = 129083)
7:10 AM: Found Trojan Horse: subseven
7:10 AM: HKLM\software\subseven\ (311 subtraces) (ID = 143104)
7:10 AM: Found Adware: abetterinternet
7:10 AM: HKLM\software\dbi\ (29 subtraces) (ID = 145915)
7:10 AM: Found Adware: surf accuracy
7:10 AM: HKLM\software\sacc\ (8 subtraces) (ID = 203068)
7:10 AM: HKLM\software\microsoft\windows\currentversion\uninstall\sacc\ (2 subtraces) (ID = 203070)
7:10 AM: Found Adware: quicklink search toolbar
7:10 AM: HKCR\clsid\{8b6da27e-7f64-4694-8f8f-dc87ab8c6b22}\ (8 subtraces) (ID = 359437)
7:10 AM: HKCR\clsid\{d1a3a43b-05a1-40cd-834c-053e6c03b258}\ (7 subtraces) (ID = 359438)
7:10 AM: HKCR\comparishopper.application\ (3 subtraces) (ID = 359439)
7:10 AM: HKLM\software\classes\clsid\{8b6da27e-7f64-4694-8f8f-dc87ab8c6b22}\ (8 subtraces) (ID = 359440)
7:10 AM: HKLM\software\classes\clsid\{d1a3a43b-05a1-40cd-834c-053e6c03b258}\ (7 subtraces) (ID = 359441)
7:10 AM: HKLM\software\classes\comparishopper.application\ (3 subtraces) (ID = 359442)
7:10 AM: HKLM\software\classes\typelib\{ea420048-2898-4110-88c3-1f660b0c7ff3}\ (9 subtraces) (ID = 359443)
7:10 AM: HKLM\software\microsoft\windows\currentversion\run\ || pmt (ID = 359444)
7:10 AM: HKLM\software\microsoft\windows\currentversion\uninstall\personal money tree\ (2 subtraces) (ID = 359445)
7:10 AM: HKCR\typelib\{ea420048-2898-4110-88c3-1f660b0c7ff3}\ (9 subtraces) (ID = 359446)
7:10 AM: HKCR\quicklinks.linktracker.1\ (3 subtraces) (ID = 359448)
7:10 AM: HKCR\quicklinks.linktracker\ (3 subtraces) (ID = 359449)
7:10 AM: HKCR\quicklinks.quicklinksfilter.1\ (3 subtraces) (ID = 359450)
7:10 AM: HKCR\quicklinks.quicklinksfilter\ (3 subtraces) (ID = 359451)
7:10 AM: HKLM\software\classes\quicklinks.linktracker.1\ (3 subtraces) (ID = 359452)
7:10 AM: HKLM\software\classes\quicklinks.linktracker\ (3 subtraces) (ID = 359453)
7:10 AM: HKLM\software\classes\quicklinks.quicklinksfilter.1\ (3 subtraces) (ID = 359454)
7:10 AM: HKLM\software\classes\quicklinks.quicklinksfilter\ (3 subtraces) (ID = 359455)
7:10 AM: HKLM\software\microsoft\windows\currentversion\uninstall\quick links\ (2 subtraces) (ID = 359457)
7:10 AM: HKLM\software\ql\ (2 subtraces) (ID = 359458)
7:10 AM: HKLM\software\pmt\ (2 subtraces) (ID = 705425)
7:10 AM: HKCR\clsid\{1b68470c-2def-493b-8a4a-8e2d81be4ea5}\ (5 subtraces) (ID = 910438)
7:10 AM: HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {1b68470c-2def-493b-8a4a-8e2d81be4ea5} (ID = 910513)
7:10 AM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\st3\ (10 subtraces) (ID = 910519)
7:10 AM: HKLM\software\classes\clsid\{1b68470c-2def-493b-8a4a-8e2d81be4ea5}\ (5 subtraces) (ID = 910556)
7:10 AM: Found Adware: comet cursor
7:10 AM: HKU\S-1-5-21-869750193-3508293876-2501954535-1007\software\microsoft\internet explorer\toolbar\webbrowser\ || {fe6bc4ef-5676-484b-88ae-883323913256} (ID = 106731)
7:10 AM: Found Adware: exact searchbar
7:10 AM: HKU\S-1-5-21-869750193-3508293876-2501954535-1007\software\microsoft\internet explorer\toolbar\webbrowser\ || {224530a0-c9cb-4aee-9c0f-54ac1b533211} (ID = 125865)
7:10 AM: Found Adware: limeshop
7:10 AM: HKU\S-1-5-21-869750193-3508293876-2501954535-1007\software\microsoft\internet explorer\menuext\limeshop preferences\ (2 subtraces) (ID = 129724)
7:10 AM: Found System Monitor: visual log
7:10 AM: HKU\S-1-5-21-869750193-3508293876-2501954535-1007\software\qsetup_dyn_data\ (1 subtraces) (ID = 145736)
7:10 AM: HKU\S-1-5-21-869750193-3508293876-2501954535-1007\software\microsoft\gg\conf\ (56 subtraces) (ID = 802702)
7:10 AM: HKU\S-1-5-21-869750193-3508293876-2501954535-1007\software\microsoft\st3\ (11 subtraces) (ID = 910473)
7:10 AM: Registry Sweep Complete, Elapsed Time:00:00:29
7:10 AM: Starting Cookie Sweep
7:10 AM: Found Spy Cookie: 3 cookie
7:10 AM: midnight@3[2].txt (ID = 1959)
7:10 AM: midnight@3[3].txt (ID = 1959)
7:10 AM: Found Spy Cookie: 5 cookie
7:10 AM: midnight@5[1].txt (ID = 1979)
7:10 AM: Found Spy Cookie: 64.62.232 cookie
7:10 AM: [email protected][1].txt (ID = 1987)
7:10 AM: [email protected][3].txt (ID = 1987)
7:10 AM: [email protected][4].txt (ID = 1987)
7:10 AM: [email protected][5].txt (ID = 1987)
7:10 AM: Found Spy Cookie: 888 cookie
7:10 AM: midnight@888[2].txt (ID = 2019)
7:10 AM: Found Spy Cookie: websponsors cookie
7:10 AM: [email protected][2].txt (ID = 3665)
7:10 AM: Found Spy Cookie: abetterinternet cookie
7:10 AM: midnight@abetterinternet[1].txt (ID = 2035)
7:10 AM: Found Spy Cookie: about cookie
7:10 AM: midnight@about[1].txt (ID = 2037)
7:10 AM: Found Spy Cookie: yieldmanager cookie
7:10 AM: [email protected][2].txt (ID = 3751)
7:10 AM: Found Spy Cookie: adknowledge cookie
7:10 AM: midnight@adknowledge[2].txt (ID = 2072)
7:10 AM: Found Spy Cookie: adprofile cookie
7:10 AM: midnight@adprofile[2].txt (ID = 2084)
7:10 AM: Found Spy Cookie: gorillanation cookie
7:10 AM: [email protected][1].txt (ID = 2744)
7:10 AM: Found Spy Cookie: pointroll cookie
7:10 AM: [email protected][2].txt (ID = 3148)
7:10 AM: Found Spy Cookie: ads.techtv.com cookie
7:10 AM: [email protected][1].txt (ID = 2129)
7:10 AM: Found Spy Cookie: x10 cookie
7:10 AM: [email protected][1].txt (ID = 3712)
7:10 AM: Found Spy Cookie: apmebf cookie
7:10 AM: midnight@apmebf[1].txt (ID = 2229)
7:10 AM: Found Spy Cookie: ask cookie
7:10 AM: midnight@ask[1].txt (ID = 2245)
7:10 AM: Found Spy Cookie: atwola cookie
7:10 AM: midnight@atwola[1].txt (ID = 2255)
7:10 AM: Found Spy Cookie: avres cookie
7:10 AM: midnight@avres[2].txt (ID = 2261)
7:10 AM: Found Spy Cookie: inet-traffic.com cookie
7:10 AM: [email protected][1].txt (ID = 2856)
7:10 AM: Found Spy Cookie: belnk cookie
7:10 AM: midnight@belnk[1].txt (ID = 2292)
7:10 AM: Found Spy Cookie: gostats cookie
7:10 AM: [email protected][2].txt (ID = 2748)
7:10 AM: [email protected][1].txt (ID = 2748)
7:10 AM: Found Spy Cookie: cardomain cookie
7:10 AM: midnight@cardomain[1].txt (ID = 2350)
7:10 AM: Found Spy Cookie: ccbill cookie
7:10 AM: midnight@ccbill[2].txt (ID = 2369)
7:10 AM: Found Spy Cookie: tickle cookie
7:10 AM: [email protected][1].txt (ID = 3530)
7:11 AM: Found Spy Cookie: clickzs cookie
7:11 AM: [email protected][2].txt (ID = 2413)
7:11 AM: [email protected][2].txt (ID = 2413)
7:11 AM: [email protected][1].txt (ID = 2413)
7:11 AM: Found Spy Cookie: dealtime cookie
7:11 AM: midnight@dealtime[2].txt (ID = 2505)
7:11 AM: Found Spy Cookie: desktop kazaa cookie
7:11 AM: [email protected][2].txt (ID = 2515)
7:11 AM: Found Spy Cookie: did-it cookie
7:11 AM: midnight@did-it[2].txt (ID = 2523)
7:11 AM: [email protected][2].txt (ID = 2293)
7:11 AM: Found Spy Cookie: go.com cookie
7:11 AM: [email protected][1].txt (ID = 2729)
7:11 AM: Found Spy Cookie: exitexchange cookie
7:11 AM: midnight@exitexchange[2].txt (ID = 2633)
7:11 AM: Found Spy Cookie: exitfuel cookie
7:11 AM: midnight@exitfuel[1].txt (ID = 2635)
7:11 AM: Found Spy Cookie: fe.lea.lycos.com cookie
7:11 AM: [email protected][1].txt (ID = 2660)
7:11 AM: [email protected][2].txt (ID = 2660)
7:11 AM: [email protected][3].txt (ID = 2660)
7:11 AM: Found Spy Cookie: gamespy cookie
7:11 AM: midnight@gamespy[2].txt (ID = 2719)
7:11 AM: Found Spy Cookie: gotoast cookie
7:11 AM: midnight@gotoast[1].txt (ID = 2751)
7:11 AM: midnight@go[2].txt (ID = 2728)
7:11 AM: Found Spy Cookie: ic-live cookie
7:11 AM: midnight@ic-live[1].txt (ID = 2821)
7:11 AM: [email protected][1].txt (ID = 2729)
7:11 AM: Found Spy Cookie: ugo cookie
7:11 AM: [email protected][2].txt (ID = 3609)
7:11 AM: Found Spy Cookie: metareward.com cookie
7:11 AM: midnight@metareward[2].txt (ID = 2990)
7:11 AM: Found Spy Cookie: aptimus cookie
7:11 AM: [email protected][1].txt (ID = 2235)
7:11 AM: Found Spy Cookie: nextag cookie
7:11 AM: midnight@nextag[2].txt (ID = 5014)
7:11 AM: Found Spy Cookie: netratingsselect cookie
7:11 AM: midnight@nnselect[2].txt (ID = 3065)
7:11 AM: Found Spy Cookie: overture cookie
7:11 AM: [email protected][1].txt (ID = 3106)
7:11 AM: Found Spy Cookie: mircx cookie
7:11 AM: [email protected][2].txt (ID = 2998)
7:11 AM: Found Spy Cookie: rednova cookie
7:11 AM: midnight@rednova[2].txt (ID = 3245)
7:11 AM: Found Spy Cookie: rightmedia cookie
7:11 AM: midnight@rightmedia[2].txt (ID = 3259)
7:11 AM: Found Spy Cookie: domain sponsor cookie
7:11 AM: [email protected][1].txt (ID = 2534)
7:11 AM: Found Spy Cookie: searchexe cookie
7:11 AM: midnight@searchexe[1].txt (ID = 3317)
7:11 AM: Found Spy Cookie: adscpm cookie
7:11 AM: [email protected][1].txt (ID = 2137)
7:11 AM: Found Spy Cookie: serving-sys cookie
7:11 AM: midnight@serving-sys[2].txt (ID = 3343)
7:11 AM: Found Spy Cookie: servlet cookie
7:11 AM: midnight@servlet[2].txt (ID = 3345)
7:11 AM: Found Spy Cookie: dbbsrv cookie
7:11 AM: [email protected][1].txt (ID = 2500)
7:11 AM: [email protected][1].txt (ID = 2506)
7:11 AM: Found Spy Cookie: toplist cookie
7:11 AM: midnight@toplist[1].txt (ID = 3557)
7:11 AM: Found Spy Cookie: burstbeacon cookie
7:11 AM: [email protected][1].txt (ID = 2335)
7:11 AM: [email protected][1].txt (ID = 2351)
7:11 AM: [email protected][1].txt (ID = 2991)
7:11 AM: Found Spy Cookie: myaffiliateprogram.com cookie
7:11 AM: [email protected][2].txt (ID = 3032)
7:11 AM: [email protected][1].txt (ID = 2020)
7:11 AM: Found Spy Cookie: xiti cookie
7:11 AM: midnight@xiti[1].txt (ID = 3717)
7:11 AM: Found Spy Cookie: xuppa cookie
7:11 AM: midnight@xuppa[1].txt (ID = 3729)
7:11 AM: Found Spy Cookie: yadro cookie
7:11 AM: midnight@yadro[1].txt (ID = 3743)
7:11 AM: Found Spy Cookie: adserver cookie
7:11 AM: [email protected][1].txt (ID = 2142)
7:11 AM: Cookie Sweep Complete, Elapsed Time: 00:00:05
7:11 AM: Starting File Sweep
7:11 AM: c:\program files\quick links (2 subtraces) (ID = -2147478145)
7:11 AM: c:\program files\personal money tree (8 subtraces) (ID = -2147478146)
7:11 AM: c:\documents and settings\midnight\start menu\programs\personal money tree (1 subtraces) (ID = -2147476663)
7:11 AM: c:\documents and settings\midnight\local settings\temp\~compoundinst0 (ID = -2147481413)
7:11 AM: c:\documents and settings\midnight\local settings\temp\~apropos0 (3 subtraces) (ID = -2147481414)
7:11 AM: Found Adware: targetsoft
7:11 AM: c:\program files\target soft (1 subtraces) (ID = -2147480166)
7:11 AM: c:\program files\surfaccuracy (1 subtraces) (ID = -2147478266)
7:11 AM: c:\documents and settings\all users\application data\delfin (16 subtraces) (ID = -2147481138)
7:11 AM: c:\documents and settings\all users\start menu\programs\delfin media viewer (3 subtraces) (ID = -2147481130)
7:11 AM: delfinad.ebd (ID = 57676)
7:11 AM: delfinlo.ebd (ID = 57688)
7:11 AM: delfinst.ebd (ID = 57692)
7:12 AM: commands.cfg (ID = 77446)
7:13 AM: pmt.exe (ID = 137597)
7:13 AM: win3000.zip (ID = 77481)
7:14 AM: Found Adware: lopdotcom
7:14 AM: xssidrnoc.lib (ID = 67160)
7:15 AM: pages.cfg (ID = 77455)
7:15 AM: st3[1].dll (ID = 178361)
7:15 AM: st3m[1].dll (ID = 178361)
7:16 AM: Found Adware: 180search assistant/zango
7:16 AM: ncmyb.dll (ID = 70584)
7:16 AM: Found Adware: ezsearchbar
7:16 AM: name_gender.ini (ID = 60351)
7:16 AM: predefined.cfg (ID = 77456)
7:18 AM: Found Adware: statblaster
7:18 AM: bi.ini (ID = 77091)
7:19 AM: del266.tmp (ID = 107355)
7:19 AM: uninst.exe (ID = 73428)
7:19 AM: uninst.exe (ID = 73428)
7:20 AM: icon32x32.ico (ID = 107403)
7:20 AM: setup.cgi (ID = 77473)
7:20 AM: Found System Monitor: golden eye
7:20 AM: goldeneye.exe (ID = 61832)
7:20 AM: comver.dll (ID = 111424)
7:21 AM: preuninstallql.exe (ID = 131326)
7:21 AM: delfintg.ebd (ID = 57693)
7:21 AM: sendkeys.txt (ID = 77471)
7:21 AM: clientpluginfile.txt (ID = 77445)
7:21 AM: matrix.txt (ID = 77452)
7:21 AM: weed_skin.zip (ID = 77480)
7:21 AM: menu.cfg (ID = 77453)
7:21 AM: readme.txt (ID = 77457)
7:21 AM: preuninstallpmt.exe (ID = 74822)
7:22 AM: xml_istbar[1].xml (ID = 64728)
7:22 AM: Found Adware: powerscan
7:22 AM: power_remove[1].exe (ID = 72675)
7:24 AM: del3.tmp (ID = 70482)
7:24 AM: Found Adware: ist sidefind
7:24 AM: sidefind[1].exe (ID = 107461)
7:26 AM: sidefind13[1].dll (ID = 76049)
7:27 AM: bi.ini (ID = 77091)
7:27 AM: Found Adware: topsearch
7:27 AM: topsearch.dll (ID = 79735)
7:30 AM: clientax.dll (ID = 93784)
7:30 AM: res267.tmp (ID = 107353)
7:30 AM: pmtcore.bin (ID = 93264)
7:30 AM: pmtlauncher.exe (ID = 136095)
7:30 AM: st3.dll (ID = 178361)
7:31 AM: pmtskin.bmp (ID = 107409)
7:31 AM: personalmoneytree.exe (ID = 136094)
7:31 AM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || PMT (ID = 0)
7:31 AM: pmtdata.bin (ID = 93265)
7:31 AM: Found Adware: coolwebsearch (cws)
7:31 AM: adsldpbc.dll (ID = 168772)
7:31 AM: adsldpbc[1].dll (ID = 168772)
7:32 AM: e1f27e.tmp (ID = 140750)
7:32 AM: delfinbd.edx (ID = 57683)
7:32 AM: delfined.edx (ID = 57683)
7:32 AM: delfindl.edx (ID = 57683)
7:32 AM: delfinaf.edx (ID = 57679)
7:32 AM: delfinco.edx (ID = 57683)
7:32 AM: delfinld.edx (ID = 57683)
7:32 AM: delfinsi.edx (ID = 57691)
7:32 AM: delfinky.edx (ID = 57685)
7:32 AM: Found Adware: gain-supported software
7:32 AM: bundle.inf (ID = 61287)
7:32 AM: Found Adware: commonname
7:32 AM: winnet.ini (ID = 53846)
7:32 AM: gain website.url (ID = 61373)
7:32 AM: delfinid.edx (ID = 57691)
7:32 AM: Found Adware: ignkeys
7:32 AM: rules.dat (ID = 63478)
7:32 AM: belt.inf (ID = 83154)
7:32 AM: belt.ini (ID = 83156)
7:32 AM: belt.inf (ID = 83154)
7:32 AM: addr_var.ini (ID = 60329)
7:32 AM: birth_var.ini (ID = 60332)
7:32 AM: city_var.ini (ID = 60333)
7:32 AM: name_var.ini (ID = 60352)
7:32 AM: states.ini (ID = 60360)
7:32 AM: zip_var.ini (ID = 60362)
7:32 AM: phone_var.ini (ID = 60353)
7:32 AM: sentry.inf (ID = 60358)
7:32 AM: sentry.inf (ID = 60358)
7:32 AM: subseven.set (ID = 77479)
7:32 AM: cginotify.txt (ID = 77444)
7:32 AM: skins.txt (ID = 77475)
7:32 AM: icqpwsteal.txt (ID = 77450)
7:33 AM: Found Adware: brilliant digital
7:33 AM: bdedownloader.dll (ID = 51741)
7:34 AM: personal money tree login.lnk (ID = 136095)
7:34 AM: File Sweep Complete, Elapsed Time: 00:23:51
7:34 AM: Full Sweep has completed. Elapsed time 00:27:06
7:34 AM: Traces Found: 813
3:48 PM: Removal process initiated
3:48 PM: Quarantining All Traces: lopdotcom
3:48 PM: Quarantining All Traces: abetterinternet
3:48 PM: Quarantining All Traces: golden eye
3:48 PM: Quarantining All Traces: trojan-downloader-2pursuit
3:48 PM: trojan-downloader-2pursuit is in use. It will be removed on reboot.
3:48 PM: st3.dll is in use. It will be removed on reboot.
3:48 PM: st3[1].dll is in use. It will be removed on reboot.
3:48 PM: st3m[1].dll is in use. It will be removed on reboot.
3:48 PM: st3.dll is in use. It will be removed on reboot.
3:48 PM: C:\WINDOWS\SYSTEM32\st3.dll is in use. It will be removed on reboot.
3:48 PM: Quarantining All Traces: visual log
3:48 PM: Quarantining All Traces: 180search assistant/zango
3:48 PM: Quarantining All Traces: apropos
3:48 PM: Quarantining All Traces: brilliant digital
3:48 PM: Quarantining All Traces: comet cursor
3:48 PM: Quarantining All Traces: commonname
3:48 PM: Quarantining All Traces: coolwebsearch (cws)
3:48 PM: Quarantining All Traces: delfin
3:48 PM: Quarantining All Traces: exact cashback/bargain buddy
3:48 PM: Quarantining All Traces: exact searchbar
3:48 PM: Quarantining All Traces: ezsearchbar
3:48 PM: Quarantining All Traces: gain-supported software
3:48 PM: Quarantining All Traces: ignkeys
3:48 PM: Quarantining All Traces: ist istbar
3:48 PM: Quarantining All Traces: ist sidefind
3:48 PM: Quarantining All Traces: limeshop
3:48 PM: Quarantining All Traces: personal money tree
3:49 PM: personal money tree is in use. It will be removed on reboot.
3:49 PM: personalmoneytree.exe is in use. It will be removed on reboot.
3:49 PM: Quarantining All Traces: powerscan
3:49 PM: Quarantining All Traces: quicklink search toolbar
3:49 PM: quicklink search toolbar is in use. It will be removed on reboot.
3:49 PM: uninst.exe is in use. It will be removed on reboot.
3:49 PM: Quarantining All Traces: statblaster
3:49 PM: Quarantining All Traces: surf accuracy
3:49 PM: Quarantining All Traces: targetsoft
3:50 PM: Quarantining All Traces: topsearch
3:50 PM: Quarantining All Traces: 3 cookie
3:50 PM: Quarantining All Traces: 5 cookie
3:50 PM: Quarantining All Traces: 64.62.232 cookie
3:50 PM: Quarantining All Traces: 888 cookie
3:50 PM: Quarantining All Traces: abetterinternet cookie
3:50 PM: Quarantining All Traces: about cookie
3:50 PM: Quarantining All Traces: adknowledge cookie
3:50 PM: Quarantining All Traces: adprofile cookie
3:50 PM: Quarantining All Traces: ads.techtv.com cookie
3:50 PM: Quarantining All Traces: adscpm cookie
3:50 PM: Quarantining All Traces: adserver cookie
3:50 PM: Quarantining All Traces: apmebf cookie
3:50 PM: Quarantining All Traces: aptimus cookie
3:50 PM: Quarantining All Traces: ask cookie
3:50 PM: Quarantining All Traces: atwola cookie
3:50 PM: Quarantining All Traces: avres cookie
3:50 PM: Quarantining All Traces: belnk cookie
3:50 PM: Quarantining All Traces: burstbeacon cookie
3:50 PM: Quarantining All Traces: cardomain cookie
3:50 PM: Quarantining All Traces: ccbill cookie
3:50 PM: Quarantining All Traces: clickzs cookie
3:50 PM: Quarantining All Traces: dbbsrv cookie
3:50 PM: Quarantining All Traces: dealtime cookie
3:50 PM: Quarantining All Traces: desktop kazaa cookie
3:50 PM: Quarantining All Traces: did-it cookie
3:50 PM: Quarantining All Traces: domain sponsor cookie
3:50 PM: Quarantining All Traces: exitexchange cookie
3:50 PM: Quarantining All Traces: exitfuel cookie
3:50 PM: Quarantining All Traces: fe.lea.lycos.com cookie
3:50 PM: Quarantining All Traces: gamespy cookie
3:50 PM: Quarantining All Traces: go.com cookie
3:50 PM: Quarantining All Traces: gorillanation cookie
3:50 PM: Quarantining All Traces: gostats cookie
3:50 PM: Quarantining All Traces: gotoast cookie
3:50 PM: Quarantining All Traces: ic-live cookie
3:50 PM: Quarantining All Traces: inet-traffic.com cookie
3:50 PM: Quarantining All Traces: metareward.com cookie
3:50 PM: Quarantining All Traces: mircx cookie
3:50 PM: Quarantining All Traces: myaffiliateprogram.com cookie
3:50 PM: Quarantining All Traces: netratingsselect cookie
3:50 PM: Quarantining All Traces: nextag cookie
3:50 PM: Quarantining All Traces: overture cookie
3:50 PM: Quarantining All Traces: pointroll cookie
3:50 PM: Quarantining All Traces: rednova cookie
3:50 PM: Quarantining All Traces: rightmedia cookie
3:50 PM: Quarantining All Traces: searchexe cookie
3:50 PM: Quarantining All Traces: serving-sys cookie
3:50 PM: Quarantining All Traces: servlet cookie
3:50 PM: Quarantining All Traces: tickle cookie
3:50 PM: Quarantining All Traces: toplist cookie
3:50 PM: Quarantining All Traces: ugo cookie
3:50 PM: Quarantining All Traces: websponsors cookie
3:50 PM: Quarantining All Traces: x10 cookie
3:50 PM: Quarantining All Traces: xiti cookie
3:50 PM: Quarantining All Traces: xuppa cookie
3:50 PM: Quarantining All Traces: yadro cookie
3:50 PM: Quarantining All Traces: yieldmanager cookie
3:50 PM: Warning: Launched explorer.exe
3:50 PM: Warning: Quarantine process could not restart Explorer.
3:51 PM: Removal process completed. Elapsed time 00:03:09
********
7:05 AM: | Start of Session, Wednesday, November 02, 2005 |
7:05 AM: Spy Sweeper started
7:07 AM: Your spyware definitions have been updated.
7:07 AM: | End of Session, Wednesday, November 02, 2005 |

================================
Hijackthis Log:

Logfile of HijackThis v1.99.1
Scan saved at 3:54:44 PM, on 11/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\mysql\bin\mysqld-nt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ATWTUSB.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Documents and Settings\Midnight\Desktop\Shortcuts\KeyCount\KeyCount.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\TBLMOUSE.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\Program Files\Red Chair Software\Notmad Explorer\notmgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Documents and Settings\Midnight\Desktop\Shortcuts\KeyCount\KeyCount.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Documents and Settings\Midnight\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 68.3.107.49 l2authd.lineage2.com
O1 - Hosts: 205.238.40.1 winmx.com
O1 - Hosts: 205.238.40.1 www.winmx.com
O1 - Hosts: 205.238.40.1 err.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1305.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3313.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3314.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3315.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3316.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3317.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3318.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3523.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3524.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3525.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3526.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3527.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3528.z1301.winmx.com
O1 - Hosts: 82.195.155.5 c3529.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3523.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3524.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3525.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3526.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3527.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3528.z1302.winmx.com
O1 - Hosts: 82.195.155.5 c3529.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3523.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3524.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3525.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3526.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3527.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3528.z1303.winmx.com
O1 - Hosts: 82.195.155.5 c3529.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3523.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3524.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3525.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3526.z1304.winmx.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Atwtusb] RUNDLL32 FuncKey.DLL,ExtFuncCall AA
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [wtadd_KeyCount.exe] C:\Documents and Settings\Midnight\Desktop\Shortcuts\KeyCount\KeyCount.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Notmad Manager.lnk = C:\Program Files\Red Chair Software\Notmad Explorer\notmgr.exe
O4 - Startup: Registration Prince of Persia Warrior Within.LNK = C:\Program Files\UBISOFT\Prince of Persia Warrior Within\Support\Register\RegistrationReminder.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ImageFox.lnk.disabled
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct0_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {05717986-A8C7-11D7-A03D-00104BCD089B} (W3IP Control) - http://www.w3ip.com/W3ip.cab
O16 - DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} (Launcher Control) - https://horizons.ist...ls/launcher.ocx
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v43/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn...eUC/MsnUpld.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab27513.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BD5FBD60-8AA3-4060-92B9-A868B9FF2FCC} (Reversi Control) - http://mirror.worldw...rsi/reversi.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca04.righ...l/java/RntX.cab
O18 - Protocol: bw+0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {04ABCCDD-203A-40B2-9737-695F13122640} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Midnight\Desktop\cwshredder.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdS

Edited by Midnight364, 02 November 2005 - 06:28 PM.