Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Uknown Malware problem [CLOSED]


  • This topic is locked This topic is locked

#1
theFatTubist

theFatTubist

    New Member

  • Member
  • Pip
  • 4 posts
I have done all the scans suggested in the "start here" topic. There still seems to be an infection that is reinstalling itself from an unknown program. I have windows anit-spyware, lavasoft ad-watch, and NOD32 running. The taskbar icons from many services I have running do not show up 100% of the time. It seems random wich ones do appear and when they appear.

Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:02:35 AM, on 11/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AT&T\DSL\programs\dslpca.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\Trillian Pro\trillian.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Valve\Steam\steam.exe
C:\Documents and Settings\Nathan Turner\Desktop\tso\tso.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AT&T DSL Service PCA Program] C:\Program Files\AT&T\DSL\programs\dslpca.exe /ws
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] "C:\Program Files\Creative\SBAudigy2ZS\Program\Startup Menu\ChkColor.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NOD32 Control Center (2).lnk = C:\Program Files\ESET\nod32kui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1099976117403
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O18 - Protocol: bw+0 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe





Additionally, as I use WinPatrol, some programs keep trying to install themeselves in the startup forlder after I have removed them. Another twist on the problem is that the programs were ones I had on the computer, but have since deleated.


WinPatrol Report Log
Report created by WinPatrol version 9.7.4.0:9.7.4.0 at 6:36:22 PM, on 10/30/2005

Platform: Windows XP Professional Service Pack 2 (Build 2600)
Browser: Firefox - Firefox version 1.7.12: 2005091517
Memory currently in use: 54%

MSIE: Internet Explorer (6.00.2900.2180)
IE Cookie Path: C:\Documents and Settings\Nathan Turner\Cookies\
Firefox 1.7.12: 2005091517 installed in C:\Program Files\Mozilla Firefox\

HKLM Default_Page_URL = http://www.att.net
HKCU Start Page = http://www.att.net/
HKLM Start Page = http://www.att.net/

WinLogon DefaultUserName=Nathan Turner
WinLogon DefaultDomainName=OX-GATE
WinLogon Shell=Explorer.exe
WinLogon UserInit=C:\WINDOWS\system32\userinit.exe,


• Startup Programs •
# NeroFilterCheck

NeroCheck.exe NeroCheck
Version: 1, 0, 0, 2 Copyright © 2001
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\WINDOWS\system32\NeroCheck.exe
Click for Plus Info


# InCD

InCD.exe InCD
Version: 4, 2, 15, 1 Copyright 1995-2004 Ahead Software AG and its licensors. All Rights Reserved.
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\Ahead\InCD\InCD.exe
Click for Plus Info


# SunJavaUpdateSched

jusched.exe Java™ 2 Platform Standard Edition binary
Version: 5.0.40.5 Copyright © 2004
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
Click for Plus Info


# Logitech Hardware Abstraction Layer

KHALMNPR.EXE Logitech KHAL Main Process
Version: 2.31.522 © 1998-2005 Logitech. All rights reserved.
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: KHALMNPR.EXE
Click for Plus Info


# SBDrvDet

SBDrvDet.exe /r SBDrvDet.exe
Version: 1.0.0.0 Copyright © Creative Technology Ltd., 2002. All rights reserved.
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
Click for Plus Info


# CTSysVol

CTSysVol.exe /r CTSysVol.exe
Version: 1.0.0.0 Copyright © Creative Technology Ltd., 2002-2003. All rights reserved.
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
Click for Plus Info


# CTDVDDET

CTDVDDET.exe CTDVDDET
Version: 1.0.3.0 Copyright © Creative Technology Ltd., 2002-2003. All rights reserved.
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
Click for Plus Info


# CTHelper

CTHELPER.EXE CtHelper Application
Version: 1, 0, 1, 2 Copyright © 2002-03
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: CTHELPER.EXE
Click for Plus Info


# UpdReg

Updreg.EXE Creative UpdReg
Version: 1.0.2 Copyright © Creative Technology Ltd. 2000
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\WINDOWS\Updreg.EXE
Click for Plus Info


# gcasServ

gcasServ.exe Microsoft AntiSpyware Service
Version: 1.00.0615 Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
Click for Plus Info


# ATICCC

cli.exe runtime CLI Application (Command Line Interface)
Version: 1.11.0.0 2002-2005
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\ATI Technologies\ATI.ACE\cli.exe runtime
Click for Plus Info


# iTunesHelper

iTunesHelper.exe iTunesHelper Module
Version: 6.0.0.18 © 2003-2005 Apple Computer, Inc. All Rights Reserved.
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\iTunes\iTunesHelper.exe
Click for Plus Info


# QuickTime Task

qttask.exe -atboottime QuickTime Task
Version: QuickTime 7.0.3 Copyright Apple Computer, Inc. 1989-2005
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\QuickTime\qttask.exe -atboottime
Click for Plus Info


# MsgCenterExe

RealOneMessageCenter.exe -osboot
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe -osboot
Click for Plus Info


# AVG7_CC


avgcc.exe /STARTUP
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
Click for Plus Info


# Anti-Blaxx Manager

Anti-Blaxx.exe
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
Click for Plus Info


# AT&T DSL Service PCA Program

dslpca.exe /ws DSL Application
Version: 4.0.0.0300 Copyright © 2003 AT&T Corp.
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\AT&T\DSL\programs\dslpca.exe /ws
Click for Plus Info


# MSMSGS

msmsgs.exe /background Windows Messenger
Version: Version 4.7.3001 Copyright © Microsoft Corporation 2004
Location: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\Messenger\msmsgs.exe /background
Click for Plus Info


# Steam

steam.exe -silent Steam
Version: 1.0.0.0 © Copyright 2000-2003 Valve Corporation All rights reserved.
Location: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Path: c:\program files\valve\steam\steam.exe -silent
Click for Plus Info


# SB Audigy 2 Startup Menu

ChkColor.EXE
Location: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\Creative\SBAudigy2ZS\Program\Startup Menu\ChkColor.EXE
Click for Plus Info


# ctfmon.exe

ctfmon.exe CTF Loader
Version: 5.1.2600.2180 © Microsoft Corporation. All rights reserved.
Location: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\WINDOWS\system32\ctfmon.exe
Click for Plus Info


# AWMON

Ad-Watch.exe Ad-Watch System Protector
Version: 3.2 1999-2004 Team Lavasoft
Location: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
Click for Plus Info


# Internet Download Accelerator


ida.exe -autorun
Location: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\IDA\ida.exe -autorun
Click for Plus Info


# CLI Application (Command Line Interface)

CLI.exe CLI Application (Command Line Interface)
Version: 1.11.0.0 2002-2005
Location: Windows Startup Group
Path: C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
Click for Plus Info


# Logitech SetPoint Event Manager

SetPoint.exe Logitech SetPoint Event Manager
Version: 2.31.546 © 1998-2005 Logitech. All rights reserved.
Location: Windows Startup Group
Path: C:\Program Files\Logitech\SetPoint\SetPoint.exe
Click for Plus Info


# Winlogon Userinit

userinit.exe Userinit Logon Application
Version: 5.1.2600.2180 © Microsoft Corporation. All rights reserved.
Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Userinit
Path: C:\WINDOWS\system32\userinit.exe
Click for Plus Info


# Winlogon Shell

Explorer.exe Windows Explorer
Version: 6.00.2900.2180 © Microsoft Corporation. All rights reserved.
Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Shell
Path: Explorer.exe
Click for Plus Info


• Active Tasks •
# Windows NT Session Manager

smss.exe Windows NT Session Manager
Version: 5.1.2600.2180 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\smss.exe
Click for Plus Info


# Windows NT Logon Application

winlogon.exe Windows NT Logon Application
Version: 5.1.2600.2180 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\winlogon.exe
Click for Plus Info


# Services and Controller app

services.exe Services and Controller app
Version: 5.1.2600.2180 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\services.exe
Click for Plus Info


# LSA Shell (Export Version)

lsass.exe LSA Shell (Export Version)
Version: 5.1.2600.2180 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\lsass.exe
Click for Plus Info


# ATI External Event Utility EXE Module

ati2evxx.exe ATI External Event Utility EXE Module
Version: 6.14.10.4121 Copyright © 1999-2004 ATI Technologies Inc.
Path: C:\WINDOWS\system32\ati2evxx.exe
Click for Plus Info


# Generic Host Process for Win32 Services

svchost.exe Generic Host Process for Win32 Services
Version: 5.1.2600.2180 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\svchost.exe
Click for Plus Info


# incdsrv

InCDsrv.exe incdsrv
Version: 4, 2, 15, 1 Copyright 1995-2004 Ahead Software AG and its licensors. All Rights Reserved.
Path: C:\PROGRAM FILES\Ahead\InCD\InCDsrv.exe
Click for Plus Info


# Spooler SubSystem App

spoolsv.exe Spooler SubSystem App
Version: 5.1.2600.2696 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\spoolsv.exe
Click for Plus Info


# CTF Loader

ctfmon.exe CTF Loader
Version: 5.1.2600.2180 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\ctfmon.exe
Click for Plus Info


# Windows Explorer

explorer.exe Windows Explorer
Version: 6.00.2900.2180 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\explorer.exe
Click for Plus Info


# InCD

InCD.exe InCD
Version: 4, 2, 15, 1 Copyright 1995-2004 Ahead Software AG and its licensors. All Rights Reserved.
Path: C:\PROGRAM FILES\Ahead\InCD\InCD.exe
Click for Plus Info


# CTSysVol.exe

CTSysVol.exe CTSysVol.exe
Version: 1.0.0.0 Copyright © Creative Technology Ltd., 2002-2003. All rights reserved.
Path: C:\PROGRAM FILES\Creative\SBAUDIGY2ZS\SURROUND MIXER\CTSysVol.exe
Click for Plus Info


# CTDVDDET

CTDVDDET.exe CTDVDDET
Version: 1.0.3.0 Copyright © Creative Technology Ltd., 2002-2003. All rights reserved.
Path: C:\PROGRAM FILES\Creative\SBAUDIGY2ZS\DVDAudio\CTDVDDET.exe
Click for Plus Info


# CtHelper Application

CTHELPER.EXE CtHelper Application
Version: 1, 0, 1, 2 Copyright © 2002-03
Path: C:\WINDOWS\system32\CTHELPER.EXE
Click for Plus Info


# Microsoft AntiSpyware Service

gcasServ.exe Microsoft AntiSpyware Service
Version: 1.00.0615 Path: C:\PROGRAM FILES\MICROSOFT ANTISPYWARE\gcasServ.exe
Click for Plus Info


# CLI Application (Command Line Interface)

CLI.exe CLI Application (Command Line Interface)
Version: 1.11.0.0 2002-2005
Path: C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.exe
Click for Plus Info


# QuickTime Task

qttask.exe QuickTime Task
Version: QuickTime 7.0.3 Copyright Apple Computer, Inc. 1989-2005
Path: C:\PROGRAM FILES\QUICKTIME\qttask.exe
Click for Plus Info


# Ad-Watch System Protector

Ad-Watch.exe Ad-Watch System Protector
Version: 3.2 1999-2004 Team Lavasoft
Path: C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
Click for Plus Info


# Logitech SetPoint Event Manager

SetPoint.exe Logitech SetPoint Event Manager
Version: 2.31.546 © 1998-2005 Logitech. All rights reserved.
Path: C:\PROGRAM FILES\Logitech\SetPoint\SetPoint.exe
Click for Plus Info


# Network DDE - DDE Communication

netdde.exe Network DDE - DDE Communication
Version: 5.1.2600.2180 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\netdde.exe
Click for Plus Info


# Windows NT DDE Server

clipsrv.exe Windows NT DDE Server
Version: 5.1.2600.2180 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\clipsrv.exe
Click for Plus Info


# Microsoft AntiSpyware Data Service

GCASDTSERV.EXE Microsoft AntiSpyware Data Service
Version: 1.00.0615 Path: C:\PROGRAM FILES\MICROSOFT ANTISPYWARE\GCASDTSERV.EXE
Click for Plus Info


# Creative Service for CDROM Access

CTSVCCDA.EXE Creative Service for CDROM Access
Version: 1.0.0.0 Copyright © Creative Technology Ltd., 1999. All rights reserved.
Path: C:\WINDOWS\system32\CTSVCCDA.EXE
Click for Plus Info


# Machine Debug Manager

MDM.EXE Machine Debug Manager
Version: 7.00.9466 © Microsoft Corporation. All rights reserved.
Path: C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
Click for Plus Info


# NOD32 Kernel Service

nod32krn.exe NOD32 Kernel Service
Version: 2, 50, 25 Copyright © 1992-2005 Eset
Path: C:\PROGRAM FILES\ESET\nod32krn.exe
Click for Plus Info


# Logitech KHAL Main Process

KHALMNPR.EXE Logitech KHAL Main Process
Version: 2.31.522 © 1998-2005 Logitech. All rights reserved.
Path: C:\PROGRAM FILES\COMMON FILES\Logitech\KHAL\KHALMNPR.EXE
Click for Plus Info


# StarWind iSCSI Target (Alcohol Edition)

STARWINDSERVICE.EXE StarWind iSCSI Target (Alcohol Edition)
Version: 2.6.1 Build 0x20050401 Copyright © Rocket Division Software 2003-2005. All rights reserved.
Path: C:\PROGRAM FILES\ALCOHOL SOFT\ALCOHOL 120\StarWind\STARWINDSERVICE.EXE
Click for Plus Info


# WMDM PMSP Service

MsPMSPSv.exe WMDM PMSP Service
Version: 7.00.00.1954 Copyright © Microsoft Corp. 1981-2000
Path: C:\WINDOWS\system32\MsPMSPSv.exe
Click for Plus Info


# NOD32 Control Center GUI

nod32kui.exe NOD32 Control Center GUI
Version: 2, 50, 25 Copyright © 1992-2005 Eset
Path: C:\PROGRAM FILES\ESET\nod32kui.exe
Click for Plus Info


# iPodService Module

IPODSERVICE.EXE iPodService Module
Version: 6.0.0.18 © 2003-2005 Apple Computer, Inc. All Rights Reserved.
Path: C:\PROGRAM FILES\iPod\bin\IPODSERVICE.EXE
Click for Plus Info


# Steam

steam.exe Steam
Version: 1.0.0.0 © Copyright 2000-2003 Valve Corporation All rights reserved.
Path: C:\PROGRAM FILES\Valve\Steam\steam.exe
Click for Plus Info


# Firefox

firefox.exe Firefox
Version: 1.7.12: 2005091517 Mozilla
Path: C:\PROGRAM FILES\MOZILLA FIREFOX\firefox.exe
Click for Plus Info


# iTunes

iTunes.exe iTunes
Version: 6.0.0.18 © 2003-2005 Apple Computer, Inc. All Rights Reserved.
Path: C:\PROGRAM FILES\iTunes\iTunes.exe
Click for Plus Info


# WinPatrol System Monitor

WINPATROL.EXE WinPatrol System Monitor
Version: 9.7.4.0 Copyright © 1997- 2005 BillP Studios
Path: C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
Click for Plus Info


# WinPatrol Explorer

WINPATROLEX.EXE WinPatrol Explorer
Version: 9.7.4.0 Copyright © 2004-2005 BillP Studios
Path: C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE
Click for Plus Info


• IE Helpers •
# AcroIEHelper Library

AcroIEHelper.dll Adobe Acrobat IE Helper Version 7.0 for ActiveX
Version: 7, 0, 0, 0 Copyright 1984-2004 Adobe Systems Incorporated and its licensors. All rights reserved.
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
7, 0, 0, 0
Location: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
Click for Plus Info


# Research


C:\PROGRA~1\MICROS~2\OFFICE11\REFBARH.ICO
Location: "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions"
Click for Plus Info


# Messenger

msmsgs.exe Windows Messenger
Version: Version 4.7.3001 Copyright © Microsoft Corporation 2004
Path: C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Messenger\msmsgs.exe,302
Location: "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions"
Click for Plus Info


• File Types •
# Video Clip

wmplayer.exe /prefetch:8 /Open %L Windows Media Player
Version: 10.00.00.3802 © Microsoft Corporation. All rights reserved.
Path: C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:8 /Open %L
.AVI
Click for Plus Info


# BSPlayer v1.3

bsplayer.exe %L BSPlayer
Version: 1.3.6.0 © 2000-2005 BST
Path: C:\Program Files\Webteh\BSplayer\bsplayer.exe %L
.AVI
Click for Plus Info


# MS-DOS Batch File

%1 %*
Path: %1 %*
.BAT
Click for Plus Info


# Cabinet File

Explorer.exe /idlist,%I,%L Windows Explorer
Version: 6.00.2900.2180 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\Explorer.exe /idlist,%I,%L
.CAB
Click for Plus Info


# Security Catalog

rundll32.exe cryptext.dll,CryptExtOpenCAT %1 Run a DLL as an App
Version: 5.1.2600.2180 © Microsoft Corporation. All rights reserved.
Path: rundll32.exe cryptext.dll,CryptExtOpenCAT %1
.CAT
Click for Plus Info


# Compiled HTML Help file

hh.exe %1 Microsoft® HTML Help Executable
Version: 5.2.3790.2453 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\hh.exe %1
.CHM
Click for Plus Info


# MS-DOS Application

%1 %*
Path: %1 %*
.COM
Click for Plus Info


# Windows NT Command Script

%1 %*
Path: %1 %*
.CMD
Click for Plus Info


# Microsoft Word Document

WINWORD.EXE /n /dde Microsoft Office Word
Version: 11.0.6502 Copyright © 1983-2003 Microsoft Corporation. All rights reserved.
Path: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE /n /dde
.DOC
Click for Plus Info


# Internet E-Mail Message

msimn.exe /eml:%1 Outlook Express
Version: 6.00.2900.2180 © 2004 Microsoft Corporation. All rights reserved.
Path: C:\Program Files\Outlook Express\msimn.exe /eml:%1
.EML
Click for Plus Info


# Application

%1 %*
Path: %1 %*
.EXE
Click for Plus Info


# Setup Information

NOTEPAD.EXE %1 Notepad
Version: 5.1.2600.2180 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\System32\NOTEPAD.EXE %1
.INF
Click for Plus Info


# JScript Script File

WScript.exe %1 %* Microsoft ® Windows Based Script Host
Version: 5.6.0.8820 Copyright © Microsoft Corp. 2002
Path: C:\WINDOWS\System32\WScript.exe %1 %*
.JS
Click for Plus Info


# Text Document

NOTEPAD.EXE %1 Notepad
Version: 5.1.2600.2180 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\NOTEPAD.EXE %1
.LOG
Click for Plus Info


# Windows Installer Package

msiexec.exe /i %1 %* Windows® installer
Version: 3.1.4000.1823 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\System32\msiexec.exe /i %1 %*
.MSI
Click for Plus Info


# Outlook Item

OUTLOOK.EXE /f %1 Microsoft Office Outlook
Version: 11.0.6353 Copyright © 1995-2003 Microsoft Corporation. All rights reserved.
Path: C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE /f %1
.MSG
Click for Plus Info


# MIDI Sequence

wmplayer.exe /Open %L Windows Media Player
Version: 10.00.00.3802 © Microsoft Corporation. All rights reserved.
Path: C:\Program Files\Windows Media Player\wmplayer.exe /Open %L
.MID
Click for Plus Info


# MP3 Format Sound

wmplayer.exe /prefetch:6 /Open %L Windows Media Player
Version: 10.00.00.3802 © Microsoft Corporation. All rights reserved.
Path: C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:6 /Open %L
.MP3
Click for Plus Info


# Shortcut to MS-DOS Program

%1 %*
Path: %1 %*
.PIF
Click for Plus Info


# RealMedia File

mplayerc.exe %1 Media Player Classic
Version: 6, 4, 8, 4 Copyright © 2002-2005 Gabest
Path: C:\Program Files\Media Player Classic\mplayerc.exe %1
.RAM
Click for Plus Info


# Registration Entries

regedit.exe %1 Registry Editor
Version: 5.1.2600.2180 © Microsoft Corporation. All rights reserved.
Path: regedit.exe %1
.REG
Click for Plus Info


# Rich Text Format

WINWORD.EXE /n /dde Microsoft Office Word
Version: 11.0.6502 Copyright © 1983-2003 Microsoft Corporation. All rights reserved.
Path: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE /n /dde
.RTF
Click for Plus Info


# Spyware supplemental file

SpybotSD.exe %1
Path: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe %1
.SBS
Click for Plus Info


# Screen Saver

%1 /S
Path: %1 /S
.SCR
Click for Plus Info


# Text Document

NOTEPAD.EXE %1 Notepad
Version: 5.1.2600.2180 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\NOTEPAD.EXE %1
.TXT
Click for Plus Info


# Internet Shortcut

rundll32.exe shdocvw.dll,OpenURL %l Run a DLL as an App
Version: 5.1.2600.2180 © Microsoft Corporation. All rights reserved.
Path: rundll32.exe shdocvw.dll,OpenURL %l
.URL
Click for Plus Info


# VBScript Script File

WScript.exe %1 %* Microsoft ® Windows Based Script Host
Version: 5.6.0.8820 Copyright © Microsoft Corp. 2002
Path: C:\WINDOWS\System32\WScript.exe %1 %*
.VBS
Click for Plus Info


# VBScript Encoded Script File

WScript.exe %1 %* Microsoft ® Windows Based Script Host
Version: 5.6.0.8820 Copyright © Microsoft Corp. 2002
Path: C:\WINDOWS\System32\WScript.exe %1 %*
.VBE
Click for Plus Info


# Windows Script File

WScript.exe %1 %* Microsoft ® Windows Based Script Host
Version: 5.6.0.8820 Copyright © Microsoft Corp. 2002
Path: C:\WINDOWS\System32\WScript.exe %1 %*
.WSF
Click for Plus Info


# Windows Script Host Settings File

WScript.exe %1 %* Microsoft ® Windows Based Script Host
Version: 5.6.0.8820 Copyright © Microsoft Corp. 2002
Path: C:\WINDOWS\System32\WScript.exe %1 %*
.WSH
Click for Plus Info


# Microsoft Excel Worksheet

EXCEL.EXE /e Microsoft Office Excel
Version: 11.0.6355 Copyright © 1985-2003 Microsoft Corporation. All rights reserved.
Path: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE /e
.XLS
Click for Plus Info




The bolded items are ones that seem to self generate. I have also uninstalled those programs from my computer.




Addedum: the "pop-up proof" Firefox has been plagued by the aforementioned pop-ups. A majority of these originate from casalemedia or tribalfusion. Excuse my superflous use of multi-syllabic words.


Edit: Seems the first time I posted my HJT log, an error occured and a full lof was not created. It has been fixed.

Edited by theFatTubist, 01 November 2005 - 02:05 AM.

  • 0

Advertisements


#2
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
Hello Nathan and welcome to Geeks to Go

As an introduction, please note that I am not Superhuman, I do not know everything, but what I do know has taken me years to learn. I am happy to pass on this information to you, but please bear in mind that I am also fallible.

Please note that you should have Administrator rights to perform the fixes. Also note that multiple identity PC’s (family PC’s) present a different problem; please tell me if your PC has more than one individual’s setting, but continue with the fix.

Before we get underway, you may wish to print these instructions for easy reference during the fix, although please be aware that many of the required URLs are hyperlinks in the red names shown on your screen. Part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions!

You don’t have a lot of malware in your HJT log, we will have to look a little deeper. Let’s see what we can do with the first sweep and at least make the log shorter.

Firstly could you please disable Microsoft Antispyware from running during the fix, it may just hinder our attempts to change anything. Right click on the icon (looks like an archery target) in the task bar and click on Security Agents Status (Enabled) then click on Disable Real-time Protection. To re enable it, you follow the same steps but click on Enable Real-time Protection.

Please also disable Ad-Aware Ad-Watch for the same reason.

When your PC has been declared clean, please only enable one of those two programmes to run in real-time. All others should be used as “on demand” scanners. Having more than one antispyware programme running in real-time will cause slowness and even conflicts.

To start please download the following programme, we will run it later. Please save it to a place that you will remember, I suggest the Desktop:
CCleaner

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R3 - URLSearchHook: (no name) - <default> - (no file)
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O18 - Protocol: bw+0 - {E5F8F137-70A2-4BF5-93F2-7D5F3A4C4054} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
ALL THE 018 ENTRIES
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
Now close all windows other than HiJackThis, then click Fix Checked. Please now reboot into safe mode. Here's how:

Restart your computer and as soon as it starts booting up again continuously tap the F8 key. A menu should appear where you will be given the option to enter Safe Mode.

Please set your system to show all files; please see here if you're unsure how to do this.

Please delete this file (if present) using Windows Explorer:

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Close Windows Explorer and Reboot normally

Now we must hide the files we revealed earlier by reversing the process, this is an important safeguard to stop important system files being deleted by accident.

There is almost certainly bound to be some junk (leftover bits and pieces) on your system that is doing nothing but taking up space. I would recommend that you run CCleaner. Install it, update it, check the default setting in the left-hand pane, ensure you uncheck old prefetch data found under the system tab, then click Analyze> Run Cleaner. You may be fairly surprised by how much it finds. Also click Issues then Scan for issues – fix selected issues

Download:WinPFind

Right Click the Zip Folder and Select "Extract All"

Don't use it yet!

Reboot into Safe Mode: please see here if you are not sure how to do this.

From the WinPFind folder-> Doubleclick WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient!

One you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder.

Restart normally and post the contents of WinPFind.txt
  • 0

#3
theFatTubist

theFatTubist

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thanks for your reply and help on the situation.

I was able to do the first steps of the fix, when I ran into a problem:

When I set my copmuter to boot in SafeMode, it decides to restart than actually boot. No matter how many times I choose "boot in SafeMode", it reboots into normal mode and not safe mode.

Also, I'm having problems downloading wpfind, due to the fact that its website times out each time I try.

P.S. - I'm going to be away for the weekend, so any reply you send I won't see until Sunday night. Thanks very much for your help.

Edited by theFatTubist, 04 November 2005 - 05:59 PM.

  • 0

#4
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
In view of your problems, I think that now is a good time to run System File Checker, to make sure all of your protected files are not corrupt. The scan will automatically replace any corrupt files that it finds.

Click Start
Select Run
At the prompt type sfc /scannow Please note that there is a single space between sfc and /scannow.

Typing this will start the programme, and a box should appear telling you how much longer the process should take.

Sometimes the scan will prompt you for your Windows XP disc upon starting the scan. if this happens please make sure that you can view protected files:My Computer
Tools
Folder Options
View
"Uncheck" Hide protected operating system files.
Then rerun the scan.

Once the scan is complete:

Check your Windows Updates! After using the File Protection Service, you might need to reapply some updates.

Please reboot, and let me know if anything has changed.

Also, please rehide the protected files:My Computer
Tools
Folder Options
View
"Check" Hide protected operating system files.
And perhaps a tutorial on safe mode:

These are the two options for safe mode: During a boot, keep tapping the F8 key and choose Safe mode from the advanced menu or go to Start>Run>type in Msconfig>hit ENTER>Boot.ini and check SafeBoot>Apply, reboot.

If you boot to safe mode and a black screen, press ctrl, alt and delete at the same time. Click on file then new task(run...) In the Open box type msconfig and press enter. If msconfig opens click the boot.ini tab at the top then uncheck /SAFEBOOT Then click on the general tab at the top and make sure Normal startup is checked. Click Apply then OK. The computer should now prompt you to reboot. Hopefully you will be able to get into normal windows now.
  • 0

#5
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP