My computer has all kinds of problems, need help thanks! [RESOLVED]


  • This topic is locked

#1
HCRX311
Member
64 posts
Very new to these but I was recommended here. I scanned with AVG recently and found 10 trojans I got rid of, and I have always been scanning with Ad-Aware and Spybot but it's not doing the trick, plus my computer is just utterly slow. I have 3 users on the comp. I am the main. Here is my log, and thanks in advance!!!



Logfile of HijackThis v1.99.1
Scan saved at 10:21:55 AM, on 12/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\AOL\1124842741\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1124842741\ee\AOLServiceHost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Documents and Settings\TJ\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O1 - Hosts: 127.0.0.0 localhost
O1 - Hosts: 127.0.0.2 auditmypc.com
O1 - Hosts: 127.0.0.3 boards.cexx.org
O1 - Hosts: 127.0.0.4 bulletproofsoft.net
O1 - Hosts: 127.0.0.5 camtech2000.net
O1 - Hosts: 127.0.0.6 cexx.org
O1 - Hosts: 127.0.0.7 computercops.us
O1 - Hosts: 127.0.0.8 ct7support.com
O1 - Hosts: 127.0.0.9 doxdesk.com
O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
O1 - Hosts: 127.0.0.21 kephyr.com
O1 - Hosts: 127.0.0.22 lavasoft.de
O1 - Hosts: 127.0.0.23 lavasoftusa.com
O1 - Hosts: 127.0.0.24 lurkhere.com
O1 - Hosts: 127.0.0.25 majorgeeks.com
O1 - Hosts: 127.0.0.26 merijn.org
O1 - Hosts: 127.0.0.27 mjc1.com
O1 - Hosts: 127.0.0.28 moosoft.com
O1 - Hosts: 127.0.0.29 mvps.org
O1 - Hosts: 127.0.0.30 net-integration.net
O1 - Hosts: 127.0.0.31 noadware.net
O1 - Hosts: 127.0.0.32 no-spybot.com
O1 - Hosts: 127.0.0.33 onlinepcfix.com
O1 - Hosts: 127.0.0.34 pchell.com
O1 - Hosts: 127.0.0.35 pestpatrol.com
O1 - Hosts: 127.0.0.36 safer-networking.org
O1 - Hosts: 127.0.0.37 secure.spykiller.com
O1 - Hosts: 127.0.0.38 secureie.com
O1 - Hosts: 127.0.0.39 security.kolla.de
O1 - Hosts: 127.0.0.40 spybot.info
O1 - Hosts: 127.0.0.41 spychecker.com
O1 - Hosts: 127.0.0.42 spychecker.com
O1 - Hosts: 127.0.0.43 spycop.com
O1 - Hosts: 127.0.0.44 spyguard.com
O1 - Hosts: 127.0.0.45 spykiller.com
O1 - Hosts: 127.0.0.46 spyware.co.uk
O1 - Hosts: 127.0.0.47 spyware-cop.com
O1 - Hosts: 127.0.0.48 spywareinfo.com
O1 - Hosts: 127.0.0.49 spywarenuker.com
O1 - Hosts: 127.0.0.50 spywareremove.com
O1 - Hosts: 127.0.0.51 spywareremove.com
O1 - Hosts: 127.0.0.52 stopzillapro.com
O1 - Hosts: 127.0.0.53 sunbelt-software.com
O1 - Hosts: 127.0.0.54 thiefware.com
O1 - Hosts: 127.0.0.55 tomcoyote.org
O1 - Hosts: 127.0.0.56 unwantedlinks.com
O1 - Hosts: 127.0.0.57 webattack.com
O1 - Hosts: 127.0.0.58 wilders.org
O1 - Hosts: 127.0.0.59 www.auditmypc.com
O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net
O1 - Hosts: 127.0.0.61 www.cexx.org
O1 - Hosts: 127.0.0.62 www.computercops.us
O1 - Hosts: 127.0.0.63 www.ct7support.com
O1 - Hosts: 127.0.0.64 www.doxdesk.com
O1 - Hosts: 127.0.0.65 www.eblocs.com
O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com
O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com
O1 - Hosts: 127.0.0.68 www.free-web-browsers.com
O1 - Hosts: 127.0.0.69 www.grc.com
O1 - Hosts: 127.0.0.70 www.grisoft.com
O1 - Hosts: 127.0.0.71 www.hackfaq.org
O1 - Hosts: 127.0.0.72 www.hazeleger.net
O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com
O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com
O1 - Hosts: 127.0.0.75 www.kephyr.com
O1 - Hosts: 127.0.0.76 www.lavasoft.de
O1 - Hosts: 127.0.0.77 www.lavasoftusa.com
O1 - Hosts: 127.0.0.78 www.lurkhere.com
O1 - Hosts: 127.0.0.79 www.majorgeeks.com
O1 - Hosts: 127.0.0.80 www.merijn.org
O1 - Hosts: 127.0.0.81 www.mjc1.com
O1 - Hosts: 127.0.0.82 www.moosoft.com
O1 - Hosts: 127.0.0.83 www.mvps.org
O1 - Hosts: 127.0.0.84 www.net-integration.net
O1 - Hosts: 127.0.0.85 www.noadware.net
O1 - Hosts: 127.0.0.86 www.no-spybot.com
O1 - Hosts: 127.0.0.87 www.onlinepcfix.com
O1 - Hosts: 127.0.0.88 www.pchell.com
O1 - Hosts: 127.0.0.89 www.pestpatrol.com
O1 - Hosts: 127.0.0.90 www.safer-networking.org
O1 - Hosts: 127.0.0.91 www.secureie.com
O1 - Hosts: 127.0.0.92 www.security.kolla.de
O1 - Hosts: 127.0.0.93 www.spybot.info
O1 - Hosts: 127.0.0.94 www.spychecker.com
O1 - Hosts: 127.0.0.95 www.spychecker.com
O1 - Hosts: 127.0.0.96 www.spycop.com
O1 - Hosts: 127.0.0.97 www.spyguard.com
O1 - Hosts: 127.0.0.98 www.spykiller.com
O1 - Hosts: 127.0.0.99 www.spyware.co.uk
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\ddcya.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
O2 - BHO: (no name) - {9c3610b0-4611-447f-a63c-17a1242a588f} - C:\WINDOWS\system32\eiwmnelh.dll
O3 - Toolbar: (no name) - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124842741\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comne...iveSekurity.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - http://toolbar.isear...general/drm.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarest...es2/Install.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {416792D8-F532-493A-BECC-1C99A1501FF9} (vmLaunch Class) - http://media2.comcas...vmLauncher2.cab
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupd...ll/aun_0036.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-12.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...76/mcinsctl.cab
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.mo...eAutoLaunch.ocx
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.wow-europ.../wowbeta/Si.cab
O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter...00/SYSsfitb.cab
O16 - DPF: {AD08A333-609E-11D3-950C-008098601567} - http://wordreference...h to French.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,19/mcgdmgr.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredim...p1/imloader.cab
O18 - Protocol: bw+0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: ddcya - C:\WINDOWS\system32\ddcya.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
  • 0



#2
HCRX311
Topic Starter
Member
64 posts
Been running my Ad-Aware, and it will pick up around 5-10 items, but never getting rid of my real problems. Thanks again.
  • 0

#3
loophole
Malware Expert
Retired Staff
9,798 posts
Hello HCRX311 :tazz:

Download the Hoster Here
Please do not use program yet

Unzip Hoster to your desktop

Open up the Hoster program.
  • Make sure that the "make hosts writable?" button in the upper right corner is enabled.
  • Click back up Host files
  • then click Restore original host files
  • close program

Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in safe mode open the VundoFix folder and double-click on KillVundo.bat
  • You will first be presented with a warning.
    It should look like this

    VundoFix V2.15 by Atri
    By using VundoFix you agree that you are doing so at your own risk
    Press enter to continue....

  • At this point press enter one time.
  • Next you will see:

    Please Type in the filepath as instructed by the forum staff
    and then press enter:

  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\system32\ddcya.dll
  • Press Enter to continue with the fix.
  • Next you will see:

    Please type in the second filepath as instructed by the forum
    staff then press enter:

  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\system32\aycdd.*
  • Press Enter to continue with the fix.
  • The fix will run then HijackThis will open, if it does not open automatically please open it manually.
  • In HiJackThis, please place a check next to the following items and click FIX CHECKED:

    R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
    O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\ddcya.dll
    O2 - BHO: (no name) - {9c3610b0-4611-447f-a63c-17a1242a588f} - C:\WINDOWS\system32\eiwmnelh.dll
    O3 - Toolbar: (no name) - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - (no file)
    O20 - Winlogon Notify: ddcya - C:\WINDOWS\system32\ddcya.dll

  • After you have fixed these items, close Hijackthis.
  • Press enter to exit the program then manually reboot your computer.
  • Once your machine reboots please continue with the instructions below.
Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic
  • 0
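An added example, not part of the original posts and not HijackThis or VundoFix code: a small Python triage pass over HijackThis entries of the kind posted above, flagging Hosts overrides, registrations with "(no file)", and a DLL that is registered both as a BHO (O2) and as a Winlogon Notify package (O20). The sample lines are copied from the log in this thread; the function names and the three heuristics are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O1 - Hosts: 127.0.0.0 localhost
O1 - Hosts: 127.0.0.22 lavasoft.de
O1 - Hosts: 127.0.0.70 www.grisoft.com
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\ddcya.dll
O3 - Toolbar: (no name) - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - (no file)
O20 - Winlogon Notify: ddcya - C:\WINDOWS\system32\ddcya.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

# "<section code> - <rest of line>", e.g. "O20 - Winlogon Notify: ..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
# Anchor on the drive letter so paths that contain " - " are not split.
DLL_RE = re.compile(r"([A-Za-z]:\\.*\.dll)\s*$", re.IGNORECASE)


def parse_entries(log_text):
    """Return (code, body) pairs for every section line in the log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def check_hosts(body):
    """Return a reason string for a Hosts override worth reviewing, else None."""
    match = HOSTS_RE.match(body)
    if not match:
        return None
    ip_text, name = match.groups()
    try:
        address = ipaddress.ip_address(ip_text)
    except ValueError:
        return "unparseable address in Hosts entry"
    if name.lower() == "localhost":
        return None
    if address.is_loopback:
        # Any 127.0.0.0/8 address makes the name unreachable from this machine.
        return "name redirected to a loopback address"
    return "name pinned to a fixed address, bypassing DNS"


def dll_path(body):
    """Return the lower-cased DLL path at the end of an entry, or None."""
    match = DLL_RE.search(body)
    return match.group(1).lower() if match else None


def triage(log_text):
    """Return (code, reason, detail) tuples for entries that need a closer look."""
    findings = []
    sections_by_dll = defaultdict(set)
    for code, body in parse_entries(log_text):
        if code == "O1":
            reason = check_hosts(body)
            if reason:
                findings.append((code, reason, body))
        if body.endswith("(no file)"):
            findings.append((code, "registration points at no file", body))
        if code in ("O2", "O20"):
            path = dll_path(body)
            if path:
                sections_by_dll[path].add(code)
    for path, codes in sorted(sections_by_dll.items()):
        if codes == {"O2", "O20"}:
            findings.append(
                ("O2+O20", "same DLL is both a BHO and a Winlogon Notify package", path)
            )
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code:7} {reason}: {detail}")
```

These checks only surface candidates for review; the fix list in the post above also includes eiwmnelh.dll, which none of the three heuristics would flag.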

#4
HCRX311
Topic Starter
Member
64 posts
Hi Loophole, thanks for all your help trying to clean my matters up. Here are the current logs, and I don't think it's all fixed because in ActiveScan I still got errors, so point me in the direction of the next step. Thanks again for all your help!!!!

Active log....


Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ddcya.dll
Adware:adware/look2me Not disinfected C:\WINDOWS\SYSTEM32\6xO4SVC.DLL
Adware:adware/isearch Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\initial.inf
Adware:adware/quicksearch Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\Install.inf
Spyware:spyware/new.net Not disinfected C:\WINDOWS\NDNuninstall6_38.exe
Adware:adware/mydailyhoroscope Not disinfected C:\Documents and Settings\TJ\Start Menu\Programs\My Daily Horoscope
Adware:adware/wintools Not disinfected C:\PROGRAM FILES\COMMON FILES\WinTools
Adware:adware/gator Not disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\GAIN Publishing
Adware:adware/gator.ptime Not disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\PrecisionTime
Adware:adware/downloadware Not disinfected Windows Registry
Adware:Adware/CWS Not disinfected C:\Documents and Settings\TJ\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Counter.class-762d722b-2b05c5ef.class
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\TJ\Desktop\backups\backup-20051221-204553-813.dll
Spyware:Spyware/LinkReplacer Not disinfected C:\uninst.exe
Adware:Adware/WinAD Not disinfected C:\WINDOWS\Downloaded Program Files\imloader.exe
Adware:Adware/ISearch Not disinfected C:\WINDOWS\Downloaded Program Files\initial.inf
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall6_38.exe
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM\UpdInstall.exe
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\6fO4SVC.DLL
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\6gO4SVC.DLL
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\6hO4SVC.DLL
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\6iO4SVC.DLL
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\6kO4SVC.DLL
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\6nO4SVC.DLL
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\6rO4SVC.DLL
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\6sO4SVC.DLL
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\6vO4SVC.DLL
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\6wO4SVC.DLL
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\6xO4SVC.DLL
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\6yO4SVC.DLL
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\6zO4SVC.DLL
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\AaCTRES.DLL
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\AhMPARSE.DLL
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\AmAAMON.DLL
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\amd.dll
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\AnAAMON.DLL
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\apd.dll
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\asd.dll
Adware:Adware/Look2Me Not disinfected C:\WINDOWS\SYSTEM32\axd.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\ddcya.dll


Vundofix log....

VundoFix V2.15 by Atri
--------------------------------------------------------------------------------------

Listing files contained in the vundofix folder.
--------------------------------------------------------------------------------------

killvundo.bat
process.exe
ReadMe.txt
vundo.reg
vundofix.txt

--------------------------------------------------------------------------------------

Filepaths entered
--------------------------------------------------------------------------------------

The filepath entered was C:\WINDOWS\system32\ddcya.dll

The second filepath entered was C:\WINDOWS\system32\aycdd.*

--------------------------------------------------------------------------------------

Log from Process
--------------------------------------------------------------------------------------


Killing PID 148 'smss.exe'
Error 0x6 : The handle is invalid.


Killing PID 768 'explorer.exe'


Killing PID 220 'winlogon.exe'
Error 0x6 : The handle is invalid.

--------------------------------------------------------------------------------------

Could not delete C:\WINDOWS\system32\ddcya.dll.
C:\WINDOWS\system32\aycdd.* Deleted sucessfully.

Fixing Registry
--------------------------------------------------------------------------------------


HiJackThis log....

Logfile of HijackThis v1.99.1
Scan saved at 10:36:40 PM, on 12/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\AOL\1124842741\ee\AOLHostManager.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\AOL\1124842741\ee\AOLServiceHost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\TJ\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\ddcya.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124842741\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comne...iveSekurity.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - http://toolbar.isear...general/drm.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarest...es2/Install.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {416792D8-F532-493A-BECC-1C99A1501FF9} (vmLaunch Class) - http://media2.comcas...vmLauncher2.cab
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupd...ll/aun_0036.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-12.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...76/mcinsctl.cab
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.mo...eAutoLaunch.ocx
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.wow-europ.../wowbeta/Si.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter...00/SYSsfitb.cab
O16 - DPF: {AD08A333-609E-11D3-950C-008098601567} - http://wordreference...h to French.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,19/mcgdmgr.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredim...p1/imloader.cab
O18 - Protocol: bw+0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: ddcya - C:\WINDOWS\system32\ddcya.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

#5
HCRX311

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
[bleep] still getting the annoying winfixer pop-up.

#6
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hmmm... Never had that fix fail. You have another infection too. This may make things easier for us. If you have used the trial before, let me know and we can go to other methods.

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click Download Now to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.


#7
HCRX311

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Haven't used the trial yet, doing so now, it's sweeping...

Edited by HCRX311, 21 December 2005 - 10:19 PM.


#8
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
OK, just post back the results when finished and we'll see what's left :tazz:

#9
HCRX311

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Man was that a long scan, anyway here are the results. Thanks again.

Spy Sweeper....

********
11:19 PM: | Start of Session, Wednesday, December 21, 2005 |
11:19 PM: Spy Sweeper started
11:19 PM: Sweep initiated using definitions version 589
11:19 PM: Starting Memory Sweep
11:22 PM: Found Adware: virtumonde
11:22 PM: Detected running threat: C:\WINDOWS\SYSTEM32\ddcya.dll (ID = 77)
11:28 PM: Memory Sweep Complete, Elapsed Time: 00:08:31
11:28 PM: Starting Registry Sweep
11:28 PM: Found Trojan Horse: 2nd-thought
11:28 PM: HKCR\clsid\{8940e505-72c6-44de-be85-1d746780efbf}\ (13 subtraces) (ID = 101977)
11:28 PM: HKCR\interface\{6e0ed53c-9908-49ed-b055-7cb31b162577}\ (7 subtraces) (ID = 101978)
11:28 PM: HKCR\interface\{8c53bd8e-b12d-4c8f-ad0e-c9ddc39d1273}\ (8 subtraces) (ID = 101979)
11:28 PM: HKCR\interface\{9bcdd51b-4a7b-446c-8452-d32d38004582}\ (7 subtraces) (ID = 101980)
11:28 PM: HKCR\interface\{49db48ff-02b5-4645-b676-94a4df1aa026}\ (7 subtraces) (ID = 101981)
11:28 PM: HKCR\interface\{830d3aed-2fa9-454f-b266-d931862bbf34}\ (7 subtraces) (ID = 101982)
11:28 PM: HKCR\interface\{a986f4db-792e-4571-8974-0bb6e024766f}\ (7 subtraces) (ID = 101983)
11:28 PM: HKCR\interface\{bccab53d-0895-40c3-a942-a03538ce227a}\ (7 subtraces) (ID = 101984)
11:28 PM: HKCR\interface\{c0f88e9e-dceb-4655-968a-ae508a677c39}\ (7 subtraces) (ID = 101985)
11:28 PM: HKCR\interface\{d7eac2d8-2d52-4010-a4ad-dfdf60c1706c}\ (7 subtraces) (ID = 101986)
11:28 PM: HKLM\software\classes\interface\{6e0ed53c-9908-49ed-b055-7cb31b162577}\ (7 subtraces) (ID = 101993)
11:28 PM: HKLM\software\classes\interface\{8c53bd8e-b12d-4c8f-ad0e-c9ddc39d1273}\ (8 subtraces) (ID = 101994)
11:28 PM: HKLM\software\classes\interface\{9bcdd51b-4a7b-446c-8452-d32d38004582}\ (7 subtraces) (ID = 101995)
11:28 PM: HKLM\software\classes\interface\{49db48ff-02b5-4645-b676-94a4df1aa026}\ (7 subtraces) (ID = 101996)
11:28 PM: HKLM\software\classes\interface\{830d3aed-2fa9-454f-b266-d931862bbf34}\ (7 subtraces) (ID = 101997)
11:28 PM: HKLM\software\classes\interface\{a986f4db-792e-4571-8974-0bb6e024766f}\ (7 subtraces) (ID = 101998)
11:28 PM: HKLM\software\classes\interface\{bccab53d-0895-40c3-a942-a03538ce227a}\ (7 subtraces) (ID = 101999)
11:28 PM: HKLM\software\classes\interface\{c0f88e9e-dceb-4655-968a-ae508a677c39}\ (7 subtraces) (ID = 102000)
11:28 PM: HKLM\software\classes\interface\{d7eac2d8-2d52-4010-a4ad-dfdf60c1706c}\ (7 subtraces) (ID = 102001)
11:28 PM: HKLM\software\classes\swrt01.rt\ (3 subtraces) (ID = 102002)
11:28 PM: HKCR\swrt01.rt\ (3 subtraces) (ID = 102024)
11:28 PM: Found Trojan Horse: alwaysupdatednews
11:28 PM: HKLM\software\microsoft\code store database\distribution units\{47cd99df-8bcf-4b9b-94ef-02e51b2f79da}\ (7 subtraces) (ID = 103552)
11:28 PM: Found Adware: gain - common components
11:28 PM: HKCR\interface\{a2ba5e71-5be3-4007-ac48-157823fb63fb}\ (8 subtraces) (ID = 126746)
11:28 PM: HKLM\software\classes\interface\{a2ba5e71-5be3-4007-ac48-157823fb63fb}\ (8 subtraces) (ID = 126755)
11:28 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/hdplugin1019.dll\ (2 subtraces) (ID = 126765)
11:28 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\hdplugin1019.dll (ID = 126786)
11:28 PM: Found Adware: isearch toolbar
11:28 PM: HKLM\software\microsoft\code store database\distribution units\{1c78ab3f-a857-482e-80c0-3a1e5238a565}\ (12 subtraces) (ID = 129027)
11:28 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/version.txt\ (2 subtraces) (ID = 129037)
11:28 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\system32\version.txt (ID = 129041)
11:28 PM: Found Adware: ist istbar
11:28 PM: HKLM\software\microsoft\code store database\distribution units\{a27ad582-5be5-4c2d-82f0-48b24fe02040}\ (11 subtraces) (ID = 129115)
11:28 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/d_loader.exe\ (2 subtraces) (ID = 129123)
11:28 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\d_loader.exe (ID = 129173)
11:28 PM: Found Adware: my daily horoscope
11:28 PM: HKCR\appid\mydailyhoroscope.exe\ (1 subtraces) (ID = 135378)
11:28 PM: HKCR\appid\{6e0afb50-ab22-477c-b16a-aa155937791c}\ (1 subtraces) (ID = 135379)
11:28 PM: HKLM\software\enconfidence\ (12 subtraces) (ID = 135387)
11:28 PM: Found Adware: networkessentials
11:28 PM: HKLM\software\microsoft\windows\currentversion\uninstall\recommended hotfix - 421701d\ (2 subtraces) (ID = 136174)
11:28 PM: Found Adware: whenu
11:28 PM: HKLM\software\microsoft\windows\currentversion\uninstall\whenusavemsg\ (7 subtraces) (ID = 140451)
11:28 PM: Found Adware: virtualbouncer
11:28 PM: HKLM\software\classes\clsid\{8940e505-72c6-44de-be85-1d746780efbf}\ (13 subtraces) (ID = 145549)
11:28 PM: HKLM\software\classes\typelib\{5e594162-60a9-487d-84b8-dbdd716cb862}\ (9 subtraces) (ID = 145551)
11:28 PM: HKCR\typelib\{5e594162-60a9-487d-84b8-dbdd716cb862}\ (9 subtraces) (ID = 145565)
11:28 PM: Found Adware: websearch toolbar
11:28 PM: HKCR\clsid\{6e21f428-5617-47f7-aed8-b2e1d8fba711}\ (7 subtraces) (ID = 146322)
11:28 PM: HKCR\clsid\{8b0fa130-0c3d-4cb1-aeb7-2c29da5509a3}\ (7 subtraces) (ID = 146324)
11:28 PM: HKLM\software\classes\clsid\{6e21f428-5617-47f7-aed8-b2e1d8fba711}\ (7 subtraces) (ID = 146385)
11:28 PM: HKLM\software\classes\clsid\{8b0fa130-0c3d-4cb1-aeb7-2c29da5509a3}\ (7 subtraces) (ID = 146387)
11:28 PM: HKLM\system\currentcontrolset\enum\root\legacy_wintoolssvc\ (8 subtraces) (ID = 146518)
11:28 PM: HKCR\msevents.msevents\ (5 subtraces) (ID = 749130)
11:28 PM: HKCR\msevents.msevents.1\ (3 subtraces) (ID = 749136)
11:28 PM: HKLM\software\classes\msevents.msevents\ (5 subtraces) (ID = 749153)
11:28 PM: HKLM\software\classes\msevents.msevents.1\ (3 subtraces) (ID = 749157)
11:28 PM: Found Adware: whenu save
11:28 PM: HKCR\acm.acmfactory\ (5 subtraces) (ID = 773927)
11:28 PM: HKCR\acm.acmfactory.1\ (3 subtraces) (ID = 773933)
11:28 PM: HKCR\clsid\{a9aae1ab-9688-42c5-86f5-c12f6b9015ad}\ (12 subtraces) (ID = 773937)
11:28 PM: HKCR\typelib\{df901432-1b9f-4f5b-9e56-301c553f9095}\ (9 subtraces) (ID = 773950)
11:28 PM: HKCR\appid\acm.dll\ (1 subtraces) (ID = 773960)
11:28 PM: HKCR\appid\{127df9b4-d75d-44a6-af78-8c3a8ceb03db}\ (1 subtraces) (ID = 773962)
11:28 PM: HKLM\software\classes\acm.acmfactory\ (5 subtraces) (ID = 773964)
11:28 PM: HKLM\software\classes\acm.acmfactory.1\ (3 subtraces) (ID = 773970)
11:28 PM: HKLM\software\classes\appid\acm.dll\ (1 subtraces) (ID = 773974)
11:28 PM: HKLM\software\classes\appid\{127df9b4-d75d-44a6-af78-8c3a8ceb03db}\ (1 subtraces) (ID = 773976)
11:28 PM: HKLM\software\classes\clsid\{a9aae1ab-9688-42c5-86f5-c12f6b9015ad}\ (12 subtraces) (ID = 773979)
11:28 PM: HKLM\software\classes\typelib\{df901432-1b9f-4f5b-9e56-301c553f9095}\ (9 subtraces) (ID = 773992)
11:28 PM: HKCR\clsid\{6dd0bc06-4719-4ba3-bebc-fbae6a448152}\ (12 subtraces) (ID = 954591)
11:28 PM: HKLM\software\classes\clsid\{6dd0bc06-4719-4ba3-bebc-fbae6a448152}\ (12 subtraces) (ID = 954593)
11:28 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{6dd0bc06-4719-4ba3-bebc-fbae6a448152}\ (ID = 954595)
11:28 PM: HKU\WRSS_Profile_S-1-5-21-3399461995-1098473416-284435224-1009\software\isearch\ (44 subtraces) (ID = 129026)
11:28 PM: HKU\WRSS_Profile_S-1-5-21-3399461995-1098473416-284435224-1009\software\microsoft\internet explorer\menuext\&isearch the web\ (2 subtraces) (ID = 129031)
11:28 PM: Found Adware: limeshop
11:28 PM: HKU\WRSS_Profile_S-1-5-21-3399461995-1098473416-284435224-1009\software\microsoft\internet explorer\menuext\limeshop preferences\ (2 subtraces) (ID = 129724)
11:28 PM: HKU\WRSS_Profile_S-1-5-21-3399461995-1098473416-284435224-1009\software\updater\ (1 subtraces) (ID = 136178)
11:28 PM: Found Adware: purityscan
11:28 PM: HKU\WRSS_Profile_S-1-5-21-3399461995-1098473416-284435224-1009\software\microsoft\windows\currentversion\run\ || ndrv (ID = 138540)
11:28 PM: Found Adware: webrebates
11:28 PM: HKU\WRSS_Profile_S-1-5-21-3399461995-1098473416-284435224-1009\software\microsoft\internet explorer\menuext\web rebates\ (2 subtraces) (ID = 146297)
11:28 PM: HKU\WRSS_Profile_S-1-5-21-3399461995-1098473416-284435224-1009\software\microsoft\internet explorer\toolbar\shellbrowser\ || {339bb23f-a864-48c0-a59f-29ea915965ec} (ID = 146462)
11:28 PM: HKU\WRSS_Profile_S-1-5-21-3399461995-1098473416-284435224-1009\software\microsoft\internet explorer\urlsearchhooks\ || {87766247-311c-43b4-8499-3d5fec94a183} (ID = 146467)
11:28 PM: HKU\WRSS_Profile_S-1-5-21-3399461995-1098473416-284435224-1009\software\microsoft\windows\currentversion\run\ || wintools (ID = 146484)
11:28 PM: HKU\WRSS_Profile_S-1-5-21-3399461995-1098473416-284435224-1009\software\toolbar\ (37 subtraces) (ID = 146513)
11:28 PM: HKU\WRSS_Profile_S-1-5-21-3399461995-1098473416-284435224-1009\software\wintools\ (17 subtraces) (ID = 146514)
11:28 PM: Found Adware: 180search assistant/zango
11:28 PM: HKU\WRSS_Profile_S-1-5-21-3399461995-1098473416-284435224-1009\software\zango\ (14 subtraces) (ID = 147919)
11:28 PM: HKU\WRSS_Profile_S-1-5-21-3399461995-1098473416-284435224-1009\software\toolbar\ (37 subtraces) (ID = 646239)
11:28 PM: HKU\WRSS_Profile_S-1-5-21-3399461995-1098473416-284435224-1009\software\wintools\ (17 subtraces) (ID = 646241)
11:28 PM: HKU\WRSS_Profile_S-1-5-21-3399461995-1098473416-284435224-1009\software\microsoft\windows\currentversion\run\ || whenusave (ID = 773978)
11:29 PM: HKU\WRSS_Profile_S-1-5-21-3399461995-1098473416-284435224-1008\software\isearch\ (45 subtraces) (ID = 129026)
11:29 PM: HKU\WRSS_Profile_S-1-5-21-3399461995-1098473416-284435224-1008\software\microsoft\internet explorer\menuext\&isearch the web\ (2 subtraces) (ID = 129031)
11:29 PM: HKU\WRSS_Profile_S-1-5-21-3399461995-1098473416-284435224-1008\software\microsoft\internet explorer\toolbar\webbrowser\ || {1c78ab3f-a857-482e-80c0-3a1e5238a565} (ID = 129033)
11:29 PM: HKU\WRSS_Profile_S-1-5-21-3399461995-1098473416-284435224-1008\software\microsoft\internet explorer\urlsearchhooks\ || {87766247-311c-43b4-8499-3d5fec94a183} (ID = 146467)
11:29 PM: HKU\WRSS_Profile_S-1-5-21-3399461995-1098473416-284435224-1008\software\microsoft\windows\currentversion\run\ || wintools (ID = 146484)
11:29 PM: HKU\S-1-5-21-3399461995-1098473416-284435224-1007\software\isearch\ (48 subtraces) (ID = 129026)
11:29 PM: HKU\S-1-5-21-3399461995-1098473416-284435224-1007\software\microsoft\internet explorer\menuext\&isearch the web\ (2 subtraces) (ID = 129031)
11:29 PM: HKU\S-1-5-21-3399461995-1098473416-284435224-1007\software\enconfidence\ (4 subtraces) (ID = 135386)
11:29 PM: HKU\S-1-5-21-3399461995-1098473416-284435224-1007\software\updater\ (1 subtraces) (ID = 136178)
11:29 PM: Registry Sweep Complete, Elapsed Time:00:01:22
11:29 PM: Starting Cookie Sweep
11:29 PM: Found Spy Cookie: sandboxer cookie
11:29 PM: steve@0[1].txt (ID = 3282)
11:29 PM: Found Spy Cookie: 247realmedia cookie
11:29 PM: steve@247realmedia[1].txt (ID = 1953)
11:29 PM: Found Spy Cookie: 2o7.net cookie
11:29 PM: steve@2o7[2].txt (ID = 1957)
11:29 PM: Found Spy Cookie: 365 cookie
11:29 PM: steve@365[1].txt (ID = 1963)
11:29 PM: Found Spy Cookie: 3 cookie
11:29 PM: steve@3[1].txt (ID = 1959)
11:29 PM: steve@3[2].txt (ID = 1959)
11:29 PM: steve@3[3].txt (ID = 1959)
11:29 PM: steve@3[5].txt (ID = 1959)
11:29 PM: Found Spy Cookie: 412 cookie
11:29 PM: steve@412[2].txt (ID = 1969)
11:29 PM: Found Spy Cookie: 447 cookie
11:29 PM: steve@447[2].txt (ID = 1973)
11:29 PM: Found Spy Cookie: 64.62.232 cookie
11:29 PM: [email protected][1].txt (ID = 1987)
11:29 PM: [email protected][3].txt (ID = 1987)
11:29 PM: [email protected][4].txt (ID = 1987)
11:29 PM: [email protected][5].txt (ID = 1987)
11:29 PM: [email protected][6].txt (ID = 1987)
11:29 PM: Found Spy Cookie: 66.230.183 cookie
11:29 PM: [email protected][1].txt (ID = 1993)
11:29 PM: [email protected][3].txt (ID = 1993)
11:29 PM: Found Spy Cookie: 735 cookie
11:29 PM: steve@735[2].txt (ID = 2009)
11:29 PM: Found Spy Cookie: websponsors cookie
11:29 PM: [email protected][1].txt (ID = 3665)
11:29 PM: Found Spy Cookie: go.com cookie
11:29 PM: [email protected][1].txt (ID = 2729)
11:29 PM: Found Spy Cookie: about cookie
11:29 PM: steve@about[1].txt (ID = 2037)
11:29 PM: Found Spy Cookie: reunion cookie
11:29 PM: [email protected][1].txt (ID = 3256)
11:29 PM: Found Spy Cookie: yieldmanager cookie
11:29 PM: [email protected][2].txt (ID = 3751)
11:29 PM: Found Spy Cookie: adecn cookie
11:29 PM: steve@adecn[2].txt (ID = 2063)
11:29 PM: Found Spy Cookie: adknowledge cookie
11:29 PM: steve@adknowledge[1].txt (ID = 2072)
11:29 PM: Found Spy Cookie: adlegend cookie
11:29 PM: steve@adlegend[1].txt (ID = 2074)
11:29 PM: Found Spy Cookie: hbmediapro cookie
11:29 PM: [email protected][2].txt (ID = 2768)
11:29 PM: Found Spy Cookie: precisead cookie
11:29 PM: [email protected][1].txt (ID = 3182)
11:29 PM: Found Spy Cookie: specificclick.com cookie
11:29 PM: [email protected][1].txt (ID = 3400)
11:29 PM: Found Spy Cookie: adorigin cookie
11:29 PM: steve@adorigin[2].txt (ID = 2082)
11:29 PM: Found Spy Cookie: adprofile cookie
11:29 PM: steve@adprofile[2].txt (ID = 2084)
11:29 PM: Found Spy Cookie: adrevolver cookie
11:29 PM: steve@adrevolver[2].txt (ID = 2088)
11:29 PM: steve@adrevolver[3].txt (ID = 2088)
11:29 PM: Found Spy Cookie: addynamix cookie
11:29 PM: [email protected][2].txt (ID = 2062)
11:29 PM: Found Spy Cookie: cc214142 cookie
11:29 PM: [email protected][1].txt (ID = 2367)
11:29 PM: Found Spy Cookie: pointroll cookie
11:29 PM: [email protected][1].txt (ID = 3148)
11:29 PM: Found Spy Cookie: ads.stileproject cookie
11:29 PM: [email protected][1].txt (ID = 2127)
11:29 PM: Found Spy Cookie: 4u.pl cookie
11:29 PM: [email protected][1].txt (ID = 1978)
11:29 PM: Found Spy Cookie: adultfriendfinder cookie
11:29 PM: steve@adultfriendfinder[2].txt (ID = 2165)
11:29 PM: Found Spy Cookie: advertising cookie
11:29 PM: steve@advertising[2].txt (ID = 2175)
11:29 PM: Found Spy Cookie: apmebf cookie
11:29 PM: steve@apmebf[1].txt (ID = 2229)
11:29 PM: Found Spy Cookie: falkag cookie
11:29 PM: [email protected][2].txt (ID = 2650)
11:29 PM: [email protected][1].txt (ID = 2650)
11:29 PM: Found Spy Cookie: askmen cookie
11:29 PM: steve@askmen[1].txt (ID = 2247)
11:29 PM: Found Spy Cookie: ask cookie
11:29 PM: steve@ask[2].txt (ID = 2245)
11:29 PM: Found Spy Cookie: atlas dmt cookie
11:29 PM: steve@atdmt[2].txt (ID = 2253)
11:29 PM: Found Spy Cookie: belnk cookie
11:29 PM: [email protected][1].txt (ID = 2293)
11:29 PM: Found Spy Cookie: atwola cookie
11:29 PM: steve@atwola[1].txt (ID = 2255)
11:29 PM: Found Spy Cookie: azjmp cookie
11:29 PM: steve@azjmp[2].txt (ID = 2270)
11:29 PM: Found Spy Cookie: a cookie
11:29 PM: steve@a[1].txt (ID = 2027)
11:29 PM: Found Spy Cookie: bannerspace cookie
11:29 PM: steve@bannerspace[2].txt (ID = 2284)
11:29 PM: Found Spy Cookie: banner cookie
11:29 PM: steve@banner[1].txt (ID = 2276)
11:29 PM: steve@belnk[1].txt (ID = 2292)
11:29 PM: Found Spy Cookie: bizrate cookie
11:29 PM: steve@bizrate[2].txt (ID = 2308)
11:29 PM: [email protected][1].txt (ID = 2038)
11:29 PM: Found Spy Cookie: bluestreak cookie
11:29 PM: steve@bluestreak[2].txt (ID = 2314)
11:29 PM: Found Spy Cookie: bs.serving-sys cookie
11:29 PM: [email protected][1].txt (ID = 2330)
11:29 PM: Found Spy Cookie: burstnet cookie
11:29 PM: steve@burstnet[1].txt (ID = 2336)
11:29 PM: Found Spy Cookie: enhance cookie
11:29 PM: [email protected][1].txt (ID = 2614)
11:29 PM: Found Spy Cookie: gostats cookie
11:29 PM: [email protected][2].txt (ID = 2748)
11:29 PM: Found Spy Cookie: casalemedia cookie
11:29 PM: steve@casalemedia[2].txt (ID = 2354)
11:29 PM: Found Spy Cookie: ccbill cookie
11:29 PM: steve@ccbill[1].txt (ID = 2369)
11:29 PM: Found Spy Cookie: centrport net cookie
11:29 PM: steve@centrport[2].txt (ID = 2374)
11:29 PM: [email protected][2].txt (ID = 2038)
11:29 PM: Found Spy Cookie: classmates cookie
11:29 PM: steve@classmates[1].txt (ID = 2384)
11:29 PM: Found Spy Cookie: clickbank cookie
11:29 PM: steve@clickbank[2].txt (ID = 2398)
11:29 PM: Found Spy Cookie: tickle cookie
11:29 PM: [email protected][1].txt (ID = 3530)
11:29 PM: Found Spy Cookie: hitslink cookie
11:29 PM: [email protected][2].txt (ID = 2790)
11:29 PM: Found Spy Cookie: sexsuche cookie
11:29 PM: [email protected][1].txt (ID = 3360)
11:29 PM: Found Spy Cookie: sextracker cookie
11:29 PM: [email protected][1].txt (ID = 3362)
11:29 PM: Found Spy Cookie: counter cookie
11:29 PM: steve@counter[2].txt (ID = 2477)
11:29 PM: Found Spy Cookie: clickzs cookie
11:29 PM: [email protected][1].txt (ID = 2413)
11:29 PM: [email protected][2].txt (ID = 2413)
11:29 PM: [email protected][2].txt (ID = 2413)
11:29 PM: [email protected][1].txt (ID = 2413)
11:29 PM: [email protected][2].txt (ID = 2413)
11:29 PM: Found Spy Cookie: coremetrics cookie
11:29 PM: [email protected][1].txt (ID = 2472)
11:29 PM: Found Spy Cookie: dealtime cookie
11:29 PM: steve@dealtime[2].txt (ID = 2505)
11:29 PM: [email protected][1].txt (ID = 2293)
11:29 PM: Found Spy Cookie: e.spyspotter cookie
11:29 PM: [email protected][2].txt (ID = 2553)
11:29 PM: Found Spy Cookie: ru4 cookie
11:29 PM: [email protected][2].txt (ID = 3269)
11:29 PM: [email protected][1].txt (ID = 1958)
11:29 PM: Found Spy Cookie: eroticy cookie
11:29 PM: steve@eroticy[1].txt (ID = 2623)
11:29 PM: [email protected][1].txt (ID = 2729)
11:29 PM: Found Spy Cookie: exitexchange cookie
11:29 PM: steve@exitexchange[2].txt (ID = 2633)
11:29 PM: Found Spy Cookie: exitfuel cookie
11:29 PM: steve@exitfuel[1].txt (ID = 2635)
11:29 PM: Found Spy Cookie: fastclick cookie
11:29 PM: steve@fastclick[2].txt (ID = 2651)
11:29 PM: Found Spy Cookie: fe.lea.lycos.com cookie
11:29 PM: [email protected][1].txt (ID = 2660)
11:29 PM: Found Spy Cookie: fortunecity cookie
11:29 PM: steve@fortunecity[1].txt (ID = 2686)
11:29 PM: Found Spy Cookie: wegcash cookie
11:29 PM: [email protected][1].txt (ID = 3682)
11:29 PM: Found Spy Cookie: gangbangsquad cookie
11:29 PM: steve@gangbangsquad[2].txt (ID = 2720)
11:29 PM: Found Spy Cookie: go2net.com cookie
11:29 PM: steve@go2net[1].txt (ID = 2730)
11:29 PM: steve@gostats[2].txt (ID = 2747)
11:29 PM: steve@go[1].txt (ID = 2728)
11:29 PM: [email protected][1].txt (ID = 2038)
11:29 PM: Found Spy Cookie: humanclick cookie
11:29 PM: [email protected][1].txt (ID = 2810)
11:29 PM: Found Spy Cookie: clickandtrack cookie
11:29 PM: [email protected][1].txt (ID = 2397)
11:29 PM: Found Spy Cookie: homestore cookie
11:29 PM: steve@homestore[2].txt (ID = 2793)
11:29 PM: Found Spy Cookie: howstuffworks cookie
11:29 PM: steve@howstuffworks[2].txt (ID = 2805)
11:29 PM: Found Spy Cookie: hypertracker.com cookie
11:29 PM: steve@hypertracker[1].txt (ID = 2817)
11:29 PM: Found Spy Cookie: ic-live cookie
11:29 PM: steve@ic-live[1].txt (ID = 2821)
11:29 PM: Found Spy Cookie: imlive.com cookie
11:29 PM: steve@imlive[1].txt (ID = 2843)
11:29 PM: Found Spy Cookie: zango cookie
11:29 PM: [email protected][2].txt (ID = 3761)
11:29 PM: Found Spy Cookie: jp18 cookie
11:29 PM: steve@jp18[2].txt (ID = 2891)
11:29 PM: Found Spy Cookie: kinghost cookie
11:29 PM: steve@kinghost[2].txt (ID = 2903)
11:29 PM: Found Spy Cookie: kmpads cookie
11:29 PM: steve@kmpads[1].txt (ID = 2909)
11:29 PM: Found Spy Cookie: domainsponsor cookie
11:29 PM: [email protected][1].txt (ID = 2535)
11:29 PM: Found Spy Cookie: linksynergy cookie
11:29 PM: steve@linksynergy[2].txt (ID = 2926)
11:29 PM: Found Spy Cookie: maxserving cookie
11:29 PM: steve@maxserving[2].txt (ID = 2966)
11:29 PM: [email protected][1].txt (ID = 2652)
11:29 PM: Found Spy Cookie: ugo cookie
11:29 PM: [email protected][2].txt (ID = 3609)
11:29 PM: Found Spy Cookie: metareward.com cookie
11:29 PM: steve@metareward[2].txt (ID = 2990)
11:29 PM: Found Spy Cookie: military cookie
11:29 PM: steve@military[1].txt (ID = 2996)
11:29 PM: Found Spy Cookie: mydailyhoroscope cookie
11:29 PM: steve@mydailyhoroscope[1].txt (ID = 3035)
11:29 PM: Found Spy Cookie: mygeek cookie
11:29 PM: steve@mygeek[1].txt (ID = 3041)
11:30 PM: Found Spy Cookie: nextag cookie
11:30 PM: steve@nextag[1].txt (ID = 5014)
11:30 PM: Found Spy Cookie: offeroptimizer cookie
11:30 PM: steve@offeroptimizer[2].txt (ID = 3087)
11:30 PM: Found Spy Cookie: touchclarity cookie
11:30 PM: [email protected][1].txt (ID = 3567)
11:30 PM: Found Spy Cookie: partypoker cookie
11:30 PM: steve@partypoker[2].txt (ID = 3111)
11:30 PM: Found Spy Cookie: paycounter cookie
11:30 PM: steve@paycounter[1].txt (ID = 3115)
11:30 PM: Found Spy Cookie: paypopup cookie
11:30 PM: steve@paypopup[1].txt (ID = 3119)
11:30 PM: Found Spy Cookie: overture cookie
11:30 PM: [email protected][1].txt (ID = 3106)
11:30 PM: [email protected][2].txt (ID = 3120)
11:30 PM: Found Spy Cookie: valuead cookie
11:30 PM: [email protected][1].txt (ID = 3627)
11:30 PM: Found Spy Cookie: pro-market cookie
11:30 PM: steve@pro-market[1].txt (ID = 3197)
11:30 PM: [email protected][1].txt (ID = 3682)
11:30 PM: Found Spy Cookie: pub cookie
11:30 PM: steve@pub[1].txt (ID = 3205)
11:30 PM: Found Spy Cookie: qksrv cookie
11:30 PM: steve@qksrv[2].txt (ID = 3213)
11:30 PM: Found Spy Cookie: qsrch cookie
11:30 PM: steve@qsrch[1].txt (ID = 3215)
11:30 PM: Found Spy Cookie: questionmarket cookie
11:30 PM: steve@questionmarket[1].txt (ID = 3217)
11:30 PM: Found Spy Cookie: directtrack cookie
11:30 PM: [email protected][1].txt (ID = 2528)
11:30 PM: Found Spy Cookie: realmedia cookie
11:30 PM: steve@realmedia[1].txt (ID = 3235)
11:30 PM: steve@reunion[2].txt (ID = 3255)
11:30 PM: Found Spy Cookie: revenue.net cookie
11:30 PM: steve@revenue[1].txt (ID = 3257)
11:30 PM: Found Spy Cookie: rightmedia cookie
11:30 PM: steve@rightmedia[1].txt (ID = 3259)
11:30 PM: Found Spy Cookie: rn11 cookie
11:30 PM: steve@rn11[2].txt (ID = 3261)
11:30 PM: Found Spy Cookie: adjuggler cookie
11:30 PM: [email protected][1].txt (ID = 2071)
11:30 PM: [email protected][1].txt (ID = 2729)
11:30 PM: [email protected][1].txt (ID = 2534)
11:30 PM: Found Spy Cookie: searchadnetwork cookie
11:30 PM: steve@searchadnetwork[2].txt (ID = 3311)
11:30 PM: Found Spy Cookie: server.iad.liveperson cookie
11:30 PM: [email protected][1].txt (ID = 3341)
11:30 PM: Found Spy Cookie: web-stat cookie
11:30 PM: [email protected][2].txt (ID = 3649)
11:30 PM: Found Spy Cookie: serving-sys cookie
11:30 PM: steve@serving-sys[2].txt (ID = 3343)
11:30 PM: Found Spy Cookie: servlet cookie
11:30 PM: steve@servlet[2].txt (ID = 3345)
11:30 PM: steve@servlet[3].txt (ID = 3345)
11:30 PM: steve@sextracker[1].txt (ID = 3361)
11:30 PM: [email protected][2].txt (ID = 2729)
11:30 PM: Found Spy Cookie: starware.com cookie
11:30 PM: steve@starware[2].txt (ID = 3441)
11:30 PM: [email protected][1].txt (ID = 2506)
11:30 PM: Found Spy Cookie: onestat.com cookie
11:30 PM: [email protected][1].txt (ID = 3098)
11:30 PM: Found Spy Cookie: statcounter cookie
11:30 PM: steve@statcounter[2].txt (ID = 3447)
11:30 PM: Found Spy Cookie: statstracking cookie
11:30 PM: steve@stats-tracking[2].txt (ID = 3453)
11:30 PM: Found Spy Cookie: reliablestats cookie
11:30 PM: [email protected][2].txt (ID = 3254)
11:30 PM: Found Spy Cookie: webtrendslive cookie
11:30 PM: [email protected][1].txt (ID = 3667)
11:30 PM: Found Spy Cookie: targetnet cookie
11:30 PM: steve@targetnet[2].txt (ID = 3489)
11:30 PM: Found Spy Cookie: teensforcash cookie
11:30 PM: steve@teensforcash[1].txt (ID = 3509)
11:30 PM: steve@tickle[1].txt (ID = 3529)
11:30 PM: Found Spy Cookie: toplist cookie
11:30 PM: steve@toplist[1].txt (ID = 3557)
11:30 PM: steve@toplist[2].txt (ID = 3557)
11:30 PM: Found Spy Cookie: sexsearch cookie
11:30 PM: [email protected][1].txt (ID = 3358)
11:30 PM: Found Spy Cookie: tracking cookie
11:30 PM: steve@tracking[2].txt (ID = 3571)
11:30 PM: Found Spy Cookie: tradedoubler cookie
11:30 PM: steve@tradedoubler[1].txt (ID = 3575)
11:30 PM: Found Spy Cookie: trafficmp cookie
11:30 PM: steve@trafficmp[1].txt (ID = 3581)
11:30 PM: Found Spy Cookie: tribalfusion cookie
11:30 PM: steve@tribalfusion[1].txt (ID = 3589)
11:30 PM: [email protected][2].txt (ID = 2246)
11:30 PM: steve@valuead[1].txt (ID = 3626)
11:30 PM: Found Spy Cookie: videodome cookie
11:30 PM: steve@videodome[1].txt (ID = 3638)
11:30 PM: [email protected][1].txt (ID = 2413)
11:30 PM: Found Spy Cookie: webpower cookie
11:30 PM: steve@webpower[1].txt (ID = 3660)
11:30 PM: Found Spy Cookie: joetec.net cookie
11:30 PM: [email protected][1].txt (ID = 2890)
11:30 PM: Found Spy Cookie: adshooter cookie
11:30 PM: [email protected][2].txt (ID = 2150)
11:30 PM: Found Spy Cookie: affiliatefuel.com cookie
11:30 PM: [email protected][1].txt (ID = 2202)
11:30 PM: Found Spy Cookie: brazilwelcomesyou cookie
11:30 PM: [email protected][1].txt (ID = 2325)
11:30 PM: Found Spy Cookie: burstbeacon cookie
11:30 PM: [email protected][1].txt (ID = 2335)
11:30 PM: [email protected][2].txt (ID = 2337)
11:30 PM: Found Spy Cookie: www.club-nikki cookie
11:30 PM: [email protected][1].txt (ID = 2420)
11:30 PM: [email protected][2].txt (ID = 2624)
11:30 PM: [email protected][1].txt (ID = 2892)
11:30 PM: Found Spy Cookie: myaffiliateprogram.com cookie
11:30 PM: [email protected][2].txt (ID = 3032)
11:30 PM: [email protected][1].txt (ID = 5015)
11:30 PM: Found Spy Cookie: screensavers.com cookie
11:30 PM: [email protected][2].txt (ID = 3298)
11:30 PM: [email protected][1].txt (ID = 3312)
11:30 PM: [email protected][2].txt (ID = 3510)
11:30 PM: Found Spy Cookie: xzoomy cookie
11:30 PM: [email protected][2].txt (ID = 3742)
11:30 PM: Found Spy Cookie: x10 cookie
11:30 PM: steve@x10[2].txt (ID = 3711)
11:30 PM: Found Spy Cookie: xiti cookie
11:30 PM: steve@xiti[1].txt (ID = 3717)
11:30 PM: Found Spy Cookie: xren_cj cookie
11:30 PM: steve@xren_cj[1].txt (ID = 3723)
11:30 PM: Found Spy Cookie: yadro cookie
11:30 PM: steve@yadro[2].txt (ID = 3743)
11:30 PM: steve@yieldmanager[2].txt (ID = 3749)
11:30 PM: Found Spy Cookie: adserver cookie
11:30 PM: [email protected][2].txt (ID = 2142)
11:30 PM: Found Spy Cookie: zedo cookie
11:30 PM: steve@zedo[1].txt (ID = 3762)
11:30 PM: mom@2o7[1].txt (ID = 1957)
11:30 PM: [email protected][2].txt (ID = 3751)
11:30 PM: [email protected][1].txt (ID = 3400)
11:30 PM: mom@adrevolver[1].txt (ID = 2088)
11:30 PM: [email protected][2].txt (ID = 3148)
11:30 PM: mom@advertising[2].txt (ID = 2175)
11:30 PM: mom@apmebf[1].txt (ID = 2229)
11:30 PM: [email protected][2].txt (ID = 2650)
11:30 PM: mom@ask[1].txt (ID = 2245)
11:30 PM: mom@atdmt[1].txt (ID = 2253)
11:30 PM: mom@atwola[1].txt (ID = 2255)
11:30 PM: mom@azjmp[1].txt (ID = 2270)
11:30 PM: mom@banner[1].txt (ID = 2276)
11:30 PM: mom@belnk[1].txt (ID = 2292)
11:30 PM: mom@bluestreak[2].txt (ID = 2314)
11:30 PM: [email protected][1].txt (ID = 1958)
11:30 PM: mom@centrport[2].txt (ID = 2374)
11:30 PM: Found Spy Cookie: customer cookie
11:30 PM: mom@customer[1].txt (ID = 2481)
11:30 PM: [email protected][1].txt (ID = 2472)
11:30 PM: [email protected][2].txt (ID = 2293)
11:30 PM: mom@kmpads[1].txt (ID = 2909)
11:30 PM: mom@linksynergy[1].txt (ID = 2926)
11:30 PM: mom@nextag[1].txt (ID = 5014)
11:30 PM: mom@overture[1].txt (ID = 3105)
11:30 PM: [email protected][1].txt (ID = 3567)
11:30 PM: mom@partypoker[2].txt (ID = 3111)
11:30 PM: [email protected][1].txt (ID = 3106)
11:30 PM: mom@questionmarket[1].txt (ID = 3217)
11:30 PM: Found Spy Cookie: rednova cookie
11:30 PM: mom@rednova[2].txt (ID = 3245)
11:30 PM: mom@revenue[1].txt (ID = 3257)
11:30 PM: Found Spy Cookie: servedby advertising cookie
11:30 PM: [email protected][1].txt (ID = 3335)
11:30 PM: mom@serving-sys[2].txt (ID = 3343)
11:30 PM: [email protected][2].txt (ID = 2506)
11:30 PM: [email protected][1].txt (ID = 3254)
11:30 PM: mom@trafficmp[2].txt (ID = 3581)
11:30 PM: mom@tribalfusion[2].txt (ID = 3589)
11:30 PM: tj@advertising[1].txt (ID = 2175)
11:30 PM: Found Spy Cookie: cardomain cookie
11:30 PM: tj@cardomain[2].txt (ID = 2350)
11:30 PM: tj@centrport[2].txt (ID = 2374)
11:30 PM: [email protected][1].txt (ID = 3335)
11:30 PM: [email protected][2].txt (ID = 3254)
11:30 PM: Cookie Sweep Complete, Elapsed Time: 00:00:21
11:30 PM: Starting File Sweep
11:30 PM: c:\documents and settings\steve\local settings\temp\fsg_tmp (2 subtraces) (ID = -2147480935)
11:30 PM: Found Adware: altnet
11:30 PM: c:\documents and settings\steve\local settings\temp\admcache (ID = -2147481437)
11:30 PM: c:\documents and settings\steve\start menu\programs\altnet (ID = -2147481443)
11:30 PM: c:\documents and settings\tj\start menu\programs\my daily horoscope (1 subtraces) (ID = -2147480582)
11:30 PM: c:\program files\common files\wintools (2 subtraces) (ID = -2147480046)
11:30 PM: c:\program files\zango (ID = -2147479981)
11:30 PM: Found Adware: precisiontime
11:30 PM: c:\documents and settings\all users\start menu\programs\precisiontime (2 subtraces) (ID = -2147480948)
11:30 PM: c:\documents and settings\all users\start menu\programs\gain publishing (2 subtraces) (ID = -2147480950)
11:30 PM: Found Adware: dashbar
11:30 PM: c:\documents and settings\steve\start menu\programs\dashbar (1 subtraces) (ID = -2147480960)
11:30 PM: c:\documents and settings\steve\start menu\programs\whenu (3 subtraces) (ID = -2147480383)
11:34 PM: Found Adware: winantispyware 2005
11:34 PM: winfixerscannerinstall[1].exe (ID = 212545)
11:37 PM: a0162646.exe (ID = 182874)
11:39 PM: winfixerscannerinstall[1].exe (ID = 212545)
11:39 PM: winfixerscannerinstall[1].exe (ID = 212545)
11:40 PM: winfixerscannerinstall[1].exe (ID = 212545)
11:47 PM: Found Adware: look2me
11:47 PM: anaamon.dll (ID = 65708)
12:01 AM: a0162645.dll (ID = 182873)
12:02 AM: 6yo4svc.dll (ID = 65708)
12:02 AM: 6so4svc.dll (ID = 65708)
12:02 AM: 6vo4svc.dll (ID = 65708)
12:12 AM: Found Adware: whenu savenow
12:12 AM: a0144395.exe (ID = 127164)
12:13 AM: 6xo4svc.dll (ID = 65708)
12:13 AM: asd.dll (ID = 65708)
12:14 AM: amaamon.dll (ID = 65708)
12:14 AM: 6wo4svc.dll (ID = 65708)
12:14 AM: 6zo4svc.dll (ID = 65708)
12:14 AM: Found Adware: zestyfind desktop links
12:14 AM: iconzz.exe (ID = 91156)
12:16 AM: dashbar website.lnk (ID = 61317)
12:16 AM: about gain publishing.lnk (ID = 61270)
12:16 AM: precisiontime.lnk (ID = 61563)
12:20 AM: 6go4svc.dll (ID = 65708)
12:20 AM: 6ho4svc.dll (ID = 65708)
12:20 AM: 6io4svc.dll (ID = 65708)
12:20 AM: 6ko4svc.dll (ID = 65708)
12:20 AM: 6no4svc.dll (ID = 65708)
12:21 AM: vvsninst.exe (ID = 74460)
12:21 AM: winfixerscannerinstall[1].cab (ID = 209203)
12:21 AM: 6fo4svc.dll (ID = 65708)
12:21 AM: 6ro4svc.dll (ID = 65708)
12:22 AM: vvsninst.exe (ID = 74460)
12:25 AM: a0162647.exe (ID = 182875)
12:25 AM: a0144396.exe (ID = 125357)
12:25 AM: updinstall.exe (ID = 65970)
12:32 AM: a0155616.dll (ID = 182873)
12:32 AM: asmfiles.cab (ID = 49805)
12:33 AM: axd.dll (ID = 65708)
12:33 AM: aactres.dll (ID = 65708)
12:33 AM: amd.dll (ID = 65708)
12:33 AM: apd.dll (ID = 65708)
12:33 AM: ahmparse.dll (ID = 65708)
12:37 AM: gain publishing web site.url (ID = 61372)
12:38 AM: initial.inf (ID = 64361)
12:38 AM: bundle.inf (ID = 61287)
12:38 AM: downloader.inf (ID = 64513)
12:38 AM: Found Adware: webhancer
12:38 AM: a0155651.ini (ID = 188794)
12:38 AM: Warning: Invalid file - not a PKZip file
12:38 AM: Warning: Invalid file - not a PKZip file
12:43 AM: Warning: Invalid file - not a PKZip file
12:43 AM: Warning: Invalid file - not a PKZip file
12:43 AM: Warning: Invalid file - not a PKZip file
12:43 AM: Warning: Invalid file - not a PKZip file
12:43 AM: Warning: Invalid file - not a PKZip file
12:44 AM: Sweep Canceled
12:48 AM: File Sweep Complete, Elapsed Time: 01:17:52
12:48 AM: Traces Found: 1055
12:50 AM: Removal process initiated
12:51 AM: Quarantining All Traces: 180search assistant/zango
12:51 AM: Quarantining All Traces: 2nd-thought
12:51 AM: Quarantining All Traces: ist istbar
12:51 AM: Quarantining All Traces: look2me
12:51 AM: Quarantining All Traces: purityscan
12:51 AM: Quarantining All Traces: virtumonde
12:51 AM: virtumonde is in use. It will be removed on reboot.
12:51 AM: C:\WINDOWS\SYSTEM32\ddcya.dll is in use. It will be removed on reboot.
12:51 AM: Quarantining All Traces: websearch toolbar
12:51 AM: Quarantining All Traces: alwaysupdatednews
12:51 AM: Quarantining All Traces: isearch toolbar
12:52 AM: Quarantining All Traces: altnet
12:52 AM: Quarantining All Traces: limeshop
12:52 AM: Quarantining All Traces: my daily horoscope
12:52 AM: Quarantining All Traces: networkessentials
12:52 AM: Quarantining All Traces: virtualbouncer
12:52 AM: Quarantining All Traces: webhancer
12:54 AM: Quarantining All Traces: webrebates
12:54 AM: Quarantining All Traces: winantispyware 2005
12:54 AM: Quarantining All Traces: zestyfind desktop links
12:54 AM: Quarantining All Traces: 247realmedia cookie
12:54 AM: Quarantining All Traces: 2o7.net cookie
12:54 AM: Quarantining All Traces: 3 cookie
12:54 AM: Quarantining All Traces: 365 cookie
12:55 AM: Quarantining All Traces: 412 cookie
12:55 AM: Quarantining All Traces: 447 cookie
12:55 AM: Quarantining All Traces: 4u.pl cookie
12:55 AM: Quarantining All Traces: 64.62.232 cookie
12:55 AM: Quarantining All Traces: 66.230.183 cookie
12:55 AM: Quarantining All Traces: 735 cookie
12:55 AM: Quarantining All Traces: a cookie
12:55 AM: Quarantining All Traces: about cookie
12:55 AM: Quarantining All Traces: addynamix cookie
12:55 AM: Quarantining All Traces: adecn cookie
12:55 AM: Quarantining All Traces: adjuggler cookie
12:55 AM: Quarantining All Traces: adknowledge cookie
12:55 AM: Quarantining All Traces: adlegend cookie
12:55 AM: Quarantining All Traces: adorigin cookie
12:55 AM: Quarantining All Traces: adprofile cookie
12:55 AM: Quarantining All Traces: adrevolver cookie
12:55 AM: Quarantining All Traces: ads.stileproject cookie
12:55 AM: Quarantining All Traces: adserver cookie
12:55 AM: Quarantining All Traces: adshooter cookie
12:55 AM: Quarantining All Traces: adultfriendfinder cookie
12:55 AM: Quarantining All Traces: advertising cookie
12:55 AM: Quarantining All Traces: affiliatefuel.com cookie
12:55 AM: Quarantining All Traces: apmebf cookie
12:55 AM: Quarantining All Traces: ask cookie
12:55 AM: Quarantining All Traces: askmen cookie
12:55 AM: Quarantining All Traces: atlas dmt cookie
12:55 AM: Quarantining All Traces: atwola cookie
12:55 AM: Quarantining All Traces: azjmp cookie
12:55 AM: Quarantining All Traces: banner cookie
12:55 AM: Quarantining All Traces: bannerspace cookie
12:55 AM: Quarantining All Traces: belnk cookie
12:55 AM: Quarantining All Traces: bizrate cookie
12:55 AM: Quarantining All Traces: bluestreak cookie
12:55 AM: Quarantining All Traces: brazilwelcomesyou cookie
12:55 AM: Quarantining All Traces: bs.serving-sys cookie
12:55 AM: Quarantining All Traces: burstbeacon cookie
12:55 AM: Quarantining All Traces: burstnet cookie
12:55 AM: Quarantining All Traces: cardomain cookie
12:55 AM: Quarantining All Traces: casalemedia cookie
12:55 AM: Quarantining All Traces: cc214142 cookie
12:55 AM: Quarantining All Traces: ccbill cookie
12:55 AM: Quarantining All Traces: centrport net cookie
12:55 AM: Quarantining All Traces: classmates cookie
12:55 AM: Quarantining All Traces: clickandtrack cookie
12:55 AM: Quarantining All Traces: clickbank cookie
12:55 AM: Quarantining All Traces: clickzs cookie
12:55 AM: Quarantining All Traces: coremetrics cookie
12:55 AM: Quarantining All Traces: counter cookie
12:55 AM: Quarantining All Traces: customer cookie
12:55 AM: Quarantining All Traces: dashbar
12:55 AM: Quarantining All Traces: dealtime cookie
12:55 AM: Quarantining All Traces: directtrack cookie
12:55 AM: Quarantining All Traces: domainsponsor cookie
12:55 AM: Quarantining All Traces: e.spyspotter cookie
12:55 AM: Quarantining All Traces: enhance cookie
12:55 AM: Quarantining All Traces: eroticy cookie
12:55 AM: Quarantining All Traces: exitexchange cookie
12:55 AM: Quarantining All Traces: exitfuel cookie
12:55 AM: Quarantining All Traces: falkag cookie
12:55 AM: Quarantining All Traces: fastclick cookie
12:55 AM: Quarantining All Traces: fe.lea.lycos.com cookie
12:55 AM: Quarantining All Traces: fortunecity cookie
12:55 AM: Quarantining All Traces: gain - common components
12:55 AM: Quarantining All Traces: gangbangsquad cookie
12:55 AM: Quarantining All Traces: go.com cookie
12:55 AM: Quarantining All Traces: go2net.com cookie
12:55 AM: Quarantining All Traces: gostats cookie
12:55 AM: Quarantining All Traces: hbmediapro cookie
12:55 AM: Quarantining All Traces: hitslink cookie
12:55 AM: Quarantining All Traces: homestore cookie
12:55 AM: Quarantining All Traces: howstuffworks cookie
12:55 AM: Quarantining All Traces: humanclick cookie
12:55 AM: Quarantining All Traces: hypertracker.com cookie
12:55 AM: Quarantining All Traces: ic-live cookie
12:55 AM: Quarantining All Traces: imlive.com cookie
12:55 AM: Quarantining All Traces: joetec.net cookie
12:55 AM: Quarantining All Traces: jp18 cookie
12:55 AM: Quarantining All Traces: kinghost cookie
12:55 AM: Quarantining All Traces: kmpads cookie
12:55 AM: Quarantining All Traces: linksynergy cookie
12:55 AM: Quarantining All Traces: maxserving cookie
12:55 AM: Quarantining All Traces: metareward.com cookie
12:55 AM: Quarantining All Traces: military cookie
12:55 AM: Quarantining All Traces: myaffiliateprogram.com cookie
12:55 AM: Quarantining All Traces: mydailyhoroscope cookie
12:55 AM: Quarantining All Traces: mygeek cookie
12:55 AM: Quarantining All Traces: nextag cookie
12:55 AM: Quarantining All Traces: offeroptimizer cookie
12:55 AM: Quarantining All Traces: onestat.com cookie
12:55 AM: Quarantining All Traces: overture cookie
12:55 AM: Quarantining All Traces: partypoker cookie
12:55 AM: Quarantining All Traces: paycounter cookie
12:55 AM: Quarantining All Traces: paypopup cookie
12:55 AM: Quarantining All Traces: pointroll cookie
12:55 AM: Quarantining All Traces: precisead cookie
12:55 AM: Quarantining All Traces: precisiontime
12:55 AM: Quarantining All Traces: pro-market cookie
12:55 AM: Quarantining All Traces: pub cookie
12:55 AM: Quarantining All Traces: qksrv cookie
12:55 AM: Quarantining All Traces: qsrch cookie
12:55 AM: Quarantining All Traces: questionmarket cookie
12:55 AM: Quarantining All Traces: realmedia cookie
12:55 AM: Quarantining All Traces: rednova cookie
12:55 AM: Quarantining All Traces: reliablestats cookie
12:55 AM: Quarantining All Traces: reunion cookie
12:55 AM: Quarantining All Traces: revenue.net cookie
12:55 AM: Quarantining All Traces: rightmedia cookie
12:55 AM: Quarantining All Traces: rn11 cookie
12:55 AM: Quarantining All Traces: ru4 cookie
12:55 AM: Quarantining All Traces: sandboxer cookie
12:55 AM: Quarantining All Traces: screensavers.com cookie
12:55 AM: Quarantining All Traces: searchadnetwork cookie
12:55 AM: Quarantining All Traces: servedby advertising cookie
12:55 AM: Quarantining All Traces: server.iad.liveperson cookie
12:55 AM: Quarantining All Traces: serving-sys cookie
12:55 AM: Quarantining All Traces: servlet cookie
12:55 AM: Quarantining All Traces: sexsearch cookie
12:55 AM: Quarantining All Traces: sexsuche cookie
12:55 AM: Quarantining All Traces: sextracker cookie
12:55 AM: Quarantining All Traces: specificclick.com cookie
12:55 AM: Quarantining All Traces: starware.com cookie
12:55 AM: Quarantining All Traces: statcounter cookie
12:55 AM: Quarantining All Traces: statstracking cookie
12:55 AM: Quarantining All Traces: targetnet cookie
12:55 AM: Quarantining All Traces: teensforcash cookie
12:55 AM: Quarantining All Traces: tickle cookie
12:55 AM: Quarantining All Traces: toplist cookie
12:55 AM: Quarantining All Traces: touchclarity cookie
12:55 AM: Quarantining All Traces: tracking cookie
12:55 AM: Quarantining All Traces: tradedoubler cookie
12:55 AM: Quarantining All Traces: trafficmp cookie
12:55 AM: Quarantining All Traces: tribalfusion cookie
12:55 AM: Quarantining All Traces: ugo cookie
12:55 AM: Quarantining All Traces: valuead cookie
12:55 AM: Quarantining All Traces: videodome cookie
12:55 AM: Quarantining All Traces: webpower cookie
12:55 AM: Quarantining All Traces: websponsors cookie
12:55 AM: Quarantining All Traces: web-stat cookie
12:55 AM: Quarantining All Traces: webtrendslive cookie
12:55 AM: Quarantining All Traces: wegcash cookie
12:55 AM: Quarantining All Traces: whenu savenow
12:55 AM: Quarantining All Traces: whenu save
12:55 AM: Quarantining All Traces: whenu
12:55 AM: Quarantining All Traces: www.club-nikki cookie
12:55 AM: Quarantining All Traces: x10 cookie
12:55 AM: Quarantining All Traces: xiti cookie
12:55 AM: Quarantining All Traces: xren_cj cookie
12:55 AM: Quarantining All Traces: xzoomy cookie
12:55 AM: Quarantining All Traces: yadro cookie
12:55 AM: Quarantining All Traces: yieldmanager cookie
12:55 AM: Quarantining All Traces: zango cookie
12:55 AM: Quarantining All Traces: zedo cookie
12:57 AM: Removal process completed. Elapsed time 00:06:32
********
11:16 PM: | Start of Session, Wednesday, December 21, 2005 |
11:16 PM: Spy Sweeper started
11:17 PM: Your spyware definitions have been updated.
11:19 PM: | End of Session, Wednesday, December 21, 2005 |

#10
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Make sure you reboot after the scan and post a hijack log, and let's see how it did.
#11
HCRX311

    Member

  • Topic Starter
  • 64 posts
Hijackthis...


Logfile of HijackThis v1.99.1
Scan saved at 1:54:20 AM, on 12/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\AOL\1124842741\ee\AOLHostManager.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\AOL\1124842741\ee\AOLServiceHost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\TJ\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124842741\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comne...iveSekurity.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {416792D8-F532-493A-BECC-1C99A1501FF9} (vmLaunch Class) - http://media2.comcas...vmLauncher2.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-12.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...76/mcinsctl.cab
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.mo...eAutoLaunch.ocx
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.wow-europ.../wowbeta/Si.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AD08A333-609E-11D3-950C-008098601567} - http://wordreference...h to French.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,19/mcgdmgr.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredim...p1/imloader.cab
O18 - Protocol: bw+0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#12
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Well, your log looks pretty good, and I am a bigger fan of Spy Sweeper. How's everything running now?

#13
HCRX311

    Member

  • Topic Starter
  • 64 posts
I was only able to be on it for a second, and I'm going out of town (at gf's right now), so in about two weeks I will be able to fully tell, but it seems to be running better. Thanks for your help, and I'll be in touch after I get back. Thanks!

#14
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
OK, post when you get back.

#15
HCRX311

    Member

  • Topic Starter
  • 64 posts
Anyway, here is an updated Hijack. After I did some fixes, the pop-ups went away; just double-checking everything is how it should be. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 10:39:35 PM, on 1/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\AOL\1124842741\ee\AOLHostManager.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\AOL\1124842741\ee\AOLServiceHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\TJ\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124842741\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Download] "C:\DOCUME~1\TJ\LOCALS~1\Temp\BellSouth\SSGet.exe" 120 "http://download.fast...Upgrade3.1.exe" "HCUpgrade3.1.exe" Log
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comne...iveSekurity.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {416792D8-F532-493A-BECC-1C99A1501FF9} (vmLaunch Class) - http://media2.comcas...vmLauncher2.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-12.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...76/mcinsctl.cab
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.mo...eAutoLaunch.ocx
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.wow-europ.../wowbeta/Si.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AD08A333-609E-11D3-950C-008098601567} - http://wordreference...h to French.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,19/mcgdmgr.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredim...p1/imloader.cab
O18 - Protocol: bw+0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3F90C589-2D32-4D43-860B-F024000844DF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe