[ragingbrutal]

Please help i have serious issues with my computer, i have removed a warning sign on my desk top saying SPYWARE INFECTION! but i keep getting this pop up at the top of my screen saying your computer is in fected and if i leave my computer alone command prompt appears and it types programmes in on its own then the mouse icon moves on its own and messes with my desk top, i have icluded my hijack this scan, i would appreciate any help


Logfile of HijackThis v1.99.1
Scan saved at 5:44:56 PM, on 12/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Documents and Settings\JP\Desktop\security suite\ewidoctrl.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\DOCUME~1\JP\LOCALS~1\Temp\28.tmp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Zoom Telephonics, Inc\Zoom ADSL USB Modem\dslmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spyware Cleaner\SpywareCleaner.exe
C:\Documents and Settings\JP\Desktop\tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [appkq32.exe] C:\WINDOWS\appkq32.exe
O4 - HKLM\..\Run: [28.tmp] C:\DOCUME~1\JP\LOCALS~1\Temp\28.tmp.exe
O4 - HKLM\..\Run: [mfcxn.exe] C:\WINDOWS\mfcxn.exe
O4 - HKLM\..\Run: [28.tmp.exe] C:\DOCUME~1\JP\LOCALS~1\Temp\28.tmp.exe
O4 - HKLM\..\Run: [atlqe.exe] C:\WINDOWS\atlqe.exe
O4 - HKLM\..\Run: [netqh.exe] C:\WINDOWS\system32\netqh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZCxdm472YYGB
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by11fd.bay11....es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1100457745925
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft....ayx_vp6_mp3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1CF5D4D-63F0-4B23-9B65-BF43E68FE901}: NameServer = 194.106.56.6 194.106.33.42
O18 - Protocol: bw+0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\JP\Desktop\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SpywareCleanerService - Secure Computer, LLC - C:\Program Files\Spyware Cleaner\SCService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[Advertisements]

Hi there

I am UKBiker and I will be helping you here. If you still need assistance, can you please post a fresh HJT log for me here.

[ukbiker]

Hi there

I am UKBiker and I will be helping you here. If you still need assistance, can you please post a fresh HJT log for me here.

[ragingbrutal]

Nice to meet you and thankyou for assisting me here is my HJT log


Logfile of HijackThis v1.99.1
Scan saved at 10:47:57 AM, on 12/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\DOCUME~1\JP\LOCALS~1\Temp\28.tmp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Zoom Telephonics, Inc\Zoom ADSL USB Modem\dslmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\JP\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [appkq32.exe] C:\WINDOWS\appkq32.exe
O4 - HKLM\..\Run: [28.tmp] C:\DOCUME~1\JP\LOCALS~1\Temp\28.tmp.exe
O4 - HKLM\..\Run: [mfcxn.exe] C:\WINDOWS\mfcxn.exe
O4 - HKLM\..\Run: [28.tmp.exe] C:\DOCUME~1\JP\LOCALS~1\Temp\28.tmp.exe
O4 - HKLM\..\Run: [atlqe.exe] C:\WINDOWS\atlqe.exe
O4 - HKLM\..\Run: [netqh.exe] C:\WINDOWS\system32\netqh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZCxdm472YYGB
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by11fd.bay11....es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1100457745925
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft....ayx_vp6_mp3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1CF5D4D-63F0-4B23-9B65-BF43E68FE901}: NameServer = 194.106.56.6 194.106.33.42
O18 - Protocol: bw+0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[ukbiker]

Hi There

Ok then , here is the fix. It will probably take a few more steps after this to get you completely clean, but this should make a real improvement.

Please print these instructions out for reference as some of this is done in safe mode where you will have no net access.

Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to it's own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by doing the following:

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
• Instead of Windows loading as normal, a menu should appear
• Select the first option, to run Windows in Safe Mode.

Now scan with HJT and place a checkmark next to each of the following items and click FIX CHECKED:
===================================================
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [appkq32.exe] C:\WINDOWS\appkq32.exe
O4 - HKLM\..\Run: [28.tmp] C:\DOCUME~1\JP\LOCALS~1\Temp\28.tmp.exe
O4 - HKLM\..\Run: [mfcxn.exe] C:\WINDOWS\mfcxn.exe
O4 - HKLM\..\Run: [28.tmp.exe] C:\DOCUME~1\JP\LOCALS~1\Temp\28.tmp.exe
O4 - HKLM\..\Run: [atlqe.exe] C:\WINDOWS\atlqe.exe
O4 - HKLM\..\Run: [netqh.exe] C:\WINDOWS\system32\netqh.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZCxdm472YYGB
===================================================

Close HiJackThis.


Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Open Ad-aware and do a full scan. Remove all it finds.


Run Ewido:

• Click on scanner
• Click on Complete System Scan and the scan will begin.
• You will be prompted to clean the first infection.
• Select "Perform action on all infections", then proceed.
• Once the scan has completed, there will be a button located on the bottom of the screen named Save report
• Click Save report.
• Save the report .txt file to your desktop or a location where you can find it easily.

Close ewido security suite.

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut.
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log by using Add Reply.
Let us know if any problems persist.

[Michelle]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

[Michelle]

Your topic is now re-opened

[ragingbrutal]

ok here it all is once again thankyou for your help thus far

Incident Status Location

Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\JP\Application Data\Mozilla\Firefox\Profiles\gun55cf7.default\cookies.txt[]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\JP\Cookies\jp@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\JP\Cookies\jp@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\JP\Cookies\jp@doubleclick[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\JP\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\JP\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\JP\Desktop\smitRem.exe[Process.exe]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Sam\Cookies\sam@adultfriendfinder[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Sam\Cookies\[email protected][2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Sam\Cookies\[email protected][2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Sam\Cookies\sam@ccbill[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Sam\Cookies\[email protected][2].txt
Spyware:Cookie/Outster Not disinfected C:\Documents and Settings\Sam\Cookies\sam@outster[2].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Sam\Cookies\sam@toplist[1].txt
Spyware:Cookie/TopRebates.com Not disinfected C:\Documents and Settings\Sam\Cookies\[email protected][2].txt
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\Program Files\Common Files\WinSoftware\FCrXML.dll
Adware:Adware/Sqwire Not disinfected C:\WINDOWS\autoclk.exe
Potentially unwanted tool:Application/FunWeb Not disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf
Adware:adware/searchaid Not disinfected C:\WINDOWS\sdkmt32.exe
Adware:Adware/InstaFinder Not disinfected C:\WINDOWS\SYSTEM32\InstaFinder_inst245.exe
Logfile of HijackThis v1.99.1
Scan saved at 3:00:53 PM, on 1/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Documents and Settings\JP\Desktop\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Zoom Telephonics, Inc\Zoom ADSL USB Modem\dslmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\JP\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by11fd.bay11....es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1100457745925
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft....ayx_vp6_mp3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1CF5D4D-63F0-4B23-9B65-BF43E68FE901}: NameServer = 194.106.56.6 194.106.33.42
O18 - Protocol: bw+0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\JP\Desktop\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Documents and Settings\JP\Desktop\ewido anti-malware\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe

smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Tue 01/03/2006
The current time is: 11:58:39.28

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Install.dat


~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1280 'explorer.exe'

Starting registry repairs

Deleting files


Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN!

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 1:08:50 PM, 1/3/2006
+ Report-Checksum: 2E5AAD0A

+ Scan result:

C:\Documents and Settings\JP\Cookies\jp@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup


::Report End

[Michelle]

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.

• Save it to your desktop.
• Please double-click Killbox.exe to run it.
• Select:
  • Delete on Reboot
  • then Click on the All Files button.
• Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
  
  C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf
  C:\WINDOWS\sdkmt32.exe
  C:\WINDOWS\SYSTEM32\InstaFinder_inst245.exe
  C:\Program Files\Common Files\WinSoftware\FCrXML.dll
  
  
• Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  
• Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

After reboot, using Windows Explorer (right-click your Start button and choose "Explore") delete the following folder:

C:\Program Files\Common Files\WinSoftware

Then please do this for me:

Open HijackThis.
Click on None of the above, just start the program
Click Config (bottom right)
Click Misc Tools
Click Open Uninstall Manager
Click Save List - Save it anywhere.
A notepad will pop-up after it's saved, please copy everything in that Notepad and paste it here.

[ragingbrutal]

Ad-Aware SE Personal
Adobe Acrobat 5.0
ArcSoft PhotoImpression 4
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
ATI HydraVision
AVG Free Edition
Battlefield 2™
Battlefield 2™ Demo
Battlefield 2: Special Forces
Bf2 Stunts Mod 1.52
CloneDVD 3.5
C-Media 3D Audio
Creative MediaSource
Creative System Information
DivX
DivX Player
EPSON PhotoQuicker3.5
EPSON Print CD
EPSON PRINT Image Framer Tool2.1
EPSON Printer Software
ESPR200 Reference Guide
ESPR200 Software Guide
ewido anti-malware
ffdshow (remove only)
FoneSync
Fx Video Converter
Google Toolbar for Internet Explorer
Gordian Knot Rip Pack 0.28.8
Guild Wars
Half-Life® 2
HijackThis 1.99.1
iTunes
LiveReg (Symantec Corporation)
Logitech Desktop Messenger
Logitech ImageStudio
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft AutoRoute 2001
Microsoft Money 2001
Microsoft Word 2000 SR-1
Microsoft Works 2001 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
MSN Messenger 7.5
MSN Music Assistant
MSN Toolbar
My Web Search (Cursor Mania)
Nero 6 Ultra Edition
Nero Digital
No One Lives Forever 2
Norton AntiSpam
Norton AntiSpam
Norton Internet Security
Norton Internet Security
Panda ActiveScan
Personal License Update Wizard for Windows Media Player
PIF DESIGNER2.1
PowerDVD
QuickTime
SafeCast Shared Components
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB912919)
Shareaza version 2.2.1.0
SILENT HILL 4
SiS 900 PCI Fast Ethernet Adapter Driver
Slipknot 2
Smart Office Keyboard
Sound Blaster Audigy 2
Steam™
Syncrosoft's License Control
TeamSpeak 2 RC2
Uninstall JL2005A Toy Camera
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
VobSub v2.23 (Remove Only)
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinImage
WinRAR archiver
WinZip
Wolfenstein - Enemy Territory
Xfire (remove only)
Zoom ADSL USB Modem

[Michelle]

Go to Start > Control Panel > Add or Remove programs and remove the following:

My Web Search (Cursor Mania)

In Internet Explorer, go up to Tools > Internet Options.
click "Delete Cookies" Click OK at the prompt.
Click "Delete Files" - on the prompt put a check next to "Delete Offline Content" Click OK.
Click OK again.

Then Please double-click Killbox.exe to run it.

• Select:
  Delete on Reboot
• then Click on the All Files button.
• Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
  
  C:\WINDOWS\appkq32.exe
  C:\WINDOWS\mfcxn.exe
  C:\WINDOWS\atlqe.exe
  C:\WINDOWS\system32\netqh.exe
  C:\DOCUME~1\JP\LOCALS~1\Temp\28.tmp.exe
• Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  
• Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

After reboot, run HiJackThis. Place a check next to the following items and click FIX CHECKED:

O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [LDM] \Program\

Close HiJackThis.

Reboot into Safe Mode.

Using Windows Explorer (right-click your Start button and choose "Explore") delete the following folder:

C:\Program Files\Spyware Cleaner

Then please do this for me:

Open HijackThis.
Click on "Open Misc Tools Section"
Make sure that both boxes beside "Generate StartupList Log" are checked:

List all minor sections(Full)

and

List Empty Sections(Complete)

Click "Generate StartupList Log".
Click "Yes" at the prompt

It will produce a NotePad Page. Please save that text to your desktop.

Reboot into normal mode and paste the contents of the text file.

[ragingbrutal]

ok bit of a problem that my web search cursor mania would not delete and thos item would not copy to clip board to paste in to killbox. Any ideas?

[Michelle]

If they wouldn't paste into Killbox then the files are already gone which is good

Open HiJackThis.
Click "Open The Misc Tools Section"
Click "Open Uninstall Manager"
Scroll down until you find My Web Search (Cursor Mania)
Click to highlight it then click Delete this entry
Click Yes at the prompt.
Close HiJackThis.

Look to see if there is a folder present called My Web Search:

C:\Program Files\MyWebSearch

If you find it, delete it.

Then continue with the rest of the instructions in the last post, please

[ragingbrutal]

StartupList report, 1/7/2006, 7:29:55 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\JP\Desktop\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\JP\Desktop\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\JP\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
DSLMON.lnk = ?

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

URLLSTCK.exe = C:\Program Files\Norton Internet Security\UrlLstCk.exe
UpdReg = C:\WINDOWS\UpdReg.EXE
SBDrvDet = C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
MULTIMEDIA KEYBOARD = C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
Microsoft Works Update Detection = C:\Program Files\Microsoft Works\WkDetect.exe
Microsoft Works Portfolio = C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
LVCOMS = C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
LogitechImageStudioTray = C:\Program Files\Logitech\ImageStudio\LogiTray.exe
LogitechGalleryRepair = C:\Program Files\Logitech\ImageStudio\ISStart.exe
Lexmark X1100 Series = "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
CTSysVol = C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
CTRegRun = C:\WINDOWS\CTRegRun.EXE
CTHelper = CTHELPER.EXE
CTDVDDET = C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
ATICCC = "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
AVG7_CC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Steam = "c:\program files\valve\steam\steam.exe" -silent
msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
MoneyAgent = "C:\Program Files\Microsoft Money\System\Money Express.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

[{CA0A4247-44BE-11d1-A005-00805F8ABE06}] *
StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=*Registry value not found*

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

*No BHO's found*

--------------------------------------------------

Enumerating Task Scheduler jobs:

Symantec NetDetect.job
Tune-up Application Start.job

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\SYSTEM\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Internet Explorer Classes for Java]
CODEBASE = file://C:\WINDOWS\SYSTEM\iejava.cab
OSD = C:\WINDOWS\Downloaded Program Files\Internet Explorer Classes for Java.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[Checkers Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
CODEBASE = http://messenger.zon...kr.cab31267.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM32\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://fpdownload.ma...director/sw.cab

[MSSecurityAdvisor Class]
InProcServer32 = C:\WINDOWS\System32\mssecadv.dll
CODEBASE = http://protect.micro...b?1100457695699

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://by11fd.bay11....es/MsnPUpld.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://v5.windowsupd...b?1100457745925

[Wwlaunch Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\wwlaunch.ocx
CODEBASE = http://www.worldwinn...ed/wwlaunch.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zon...nt.cab31267.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoft...free/asinst.cab

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn...pDownloader.cab

[{B9191F79-5613-4C76-AA2A-398534BB8999}]
CODEBASE = http://download.yaho...alls/yab_af.cab

[NsvPlayX Control]
InProcServer32 = C:\PROGRA~1\COMMON~1\NSV\NSVPLA~1.DLL
CODEBASE = http://www.nullsoft....ayx_vp6_mp3.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
CODEBASE = http://fpdownload.ma...ash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
NameSpace #4: C:\WINDOWS\System32\nwprovau.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
General Purpose USB Driver (adildr.sys): System32\Drivers\adildr.sys (autostart)
USB ADSL WAN Adapter: system32\DRIVERS\adiusbaw.sys (manual start)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AMD K7 Processor Driver: System32\DRIVERS\amdk7.sys (system)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP Client Protocol: System32\DRIVERS\arp1394.sys (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)
ATI Smart: C:\WINDOWS\SYSTEM32\ati2sgag.exe (autostart)
ati2mtag: System32\DRIVERS\ati2mtag.sys (manual start)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (autostart)
AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
AVG7 Resident Driver XP: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)
AVG7 Update Service: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (autostart)
AVG E-mail Scanner: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (autostart)
AVG Network Redirector: \SystemRoot\System32\Drivers\avgtdi.sys (autostart)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
C-DillaCdaC11BA: C:\WINDOWS\system32\drivers\CDAC11BA.EXE (autostart)
Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
CdaC15BA: \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS (autostart)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: C:\WINDOWS\System32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
C-Media WDM Audio Interface: system32\drivers\cmuda.sys (manual start)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Creative Service for CDROM Access: C:\WINDOWS\system32\CTsvcCDA.exe (autostart)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Creative AC3 Software Decoder: system32\drivers\ctac32k.sys (manual start)
Creative Audio Driver (WDM): system32\drivers\ctaud2k.sys (manual start)
Creative DVD-Audio Device Driver: system32\drivers\ctdvda2k.sys (manual start)
Creative Proxy Driver: system32\drivers\ctprxy2k.sys (manual start)
Creative SoundFont Management Device Driver: system32\drivers\ctsfm2k.sys (manual start)
d347bus: system32\DRIVERS\d347bus.sys (system)
d347prt: System32\Drivers\d347prt.sys (system)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (disabled)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
E-mu Plug-in Architecture Driver: system32\drivers\emupia2k.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
ewdmaudn: \??\C:\DOCUME~1\JP\LOCALS~1\Temp\ewdmaudn.sys (manual start)
ewido security suite control: C:\Documents and Settings\JP\Desktop\ewido anti-malware\ewidoctrl.exe (autostart)
ewido security suite driver: \??\C:\Documents and Settings\JP\Desktop\ewido anti-malware\guard.sys (system)
ewido security suite guard: C:\Documents and Settings\JP\Desktop\ewido anti-malware\ewidoguard.exe (disabled)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms: System32\DRIVERS\gagp30kx.sys (system)
GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Creative Hardware Abstract Layer Driver: system32\drivers\ha10kx2k.sys (manual start)
Creative P16V HAL Driver: system32\drivers\hap16v2k.sys (manual start)
Creative P17V HAL Driver: system32\drivers\hap17v2k.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
imagedrv: System32\Drivers\imagedrv.sys (system)
imagesrv: system32\DRIVERS\imagesrv.sys (system)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
iPod Service: "C:\Program Files\iPod\bin\iPodService.exe" (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
JL2005A Toy Camera: System32\Drivers\toywdm.sys (manual start)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
LexBce Server: C:\WINDOWS\system32\LEXBCES.EXE (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
ModfNet: \??\C:\WINDOWS\system32\drivers\cdamf.sys (system)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Multimedia Keyboard Filter Driver: System32\DRIVERS\msikbd2k.sys (system)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
musbehco: \??\C:\DOCUME~1\JP\LOCALS~1\Temp\musbehco.sys (manual start)
NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Bridge Cable Driver: system32\DRIVERS\genelan.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Netropa NHK Server: C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe (autostart)
1394 Net Driver: System32\DRIVERS\nic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
NWLink IPX/SPX/NetBIOS Compatible Transport Protocol: system32\DRIVERS\nwlnkipx.sys (autostart)
NWLink NetBIOS: system32\DRIVERS\nwlnknb.sys (autostart)
NWLink SPX/SPXII Protocol: system32\DRIVERS\nwlnkspx.sys (autostart)
VIA OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system)
Creative OS Services Driver: system32\drivers\ctoss2k.sys (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
PfModNT: \??\C:\WINDOWS\system32\drivers\PfModNT.sys (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
StarForce Protection Environment Driver v6: \SystemRoot\System32\drivers\prodrv06.sys (system)
StarForce Protection Helper Driver v2: System32\drivers\prohlp02.sys (system)
StarForce Protection Synchronization Driver v1: System32\drivers\prosync1.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: system32\DRIVERS\PxHelp20.sys (system)
Logitech QuickCam Express(PID_0840): system32\DRIVERS\LVCD.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SBP-2 Transport/Protocol Bus Driver: system32\DRIVERS\sbp2port.sys (system)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
PC Tools Spyware Doctor: C:\Program Files\Spyware Doctor\sdhelp.exe (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
StarForce Protection Helper Driver: System32\drivers\sfhlp01.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SiS AGP Filter: system32\DRIVERS\SISAGPX.sys (system)
SiSide: system32\DRIVERS\siside.sys (system)
sisidex: system32\drivers\sisidex.sys (system)
SiS PCI Fast Ethernet Adapter Driver: System32\DRIVERS\sisnic.sys (manual start)
Add Performance Filter Driver: system32\drivers\sisperf.sys (system)
BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{52672086-D25F-4451-B55F-5F9A6A1D9CFD} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\System32\tlntsvr.exe (manual start)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: System32\DRIVERS\usbohci.sys (manual start)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
WMDM PMSP Service: C:\WINDOWS\system32\MsPMSPSv.exe (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 36,411 bytes
Report generated in 0.172 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

[Michelle]

Hello ragingbrutal

There are 3 files, that I would like you to upload, please, so that I can find out what they are.

Set your system to SHOW HIDDEN FILES

Then, please go here:

http://www.atribune....mit-malware.php

Fill in your username and click the "Browse" button. Locate this file:

C:\WINDOWS\system32\drivers\cdamf.sys

Click Open.

Then click the "Send File" button.

Please do the same for these 2 files as well:

C:\Documents and Settings\JP\Local Settings\Temp\musbehco.sys
C:\Documents and Settings\JP\Local Settings\Temp\ewdmaudn.sys

Then please post a new HiJackThis log for me

[ragingbrutal]

i did all you asked in the post however none of those files are present on my pc and i have not deleted them,

Logfile of HijackThis v1.99.1
Scan saved at 7:06:25 PM, on 1/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Zoom Telephonics, Inc\Zoom ADSL USB Modem\dslmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\JP\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by11fd.bay11....es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1100457745925
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft....ayx_vp6_mp3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1CF5D4D-63F0-4B23-9B65-BF43E68FE901}: NameServer = 194.106.56.6 194.106.33.42
O18 - Protocol: bw+0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {C70ECE84-D9E8-4A3A-87C3-E054DFF71A85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - Unknown owner - C:\Documents and Settings\JP\Desktop\ewido anti-malware\ewidoctrl.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)