Maybe Some Viruses? [Archive] - The PC Guide Discussion Forums

Wandrille

08-23-2005, 03:35 PM

i think i have some viruses or something since i've been seeing a few problems with my computer
here is the hijack list if u need it

Logfile of HijackThis v1.98.2
Scan saved at 11:33:24 AM, on 8/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UAService7.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\America Online 9.0a\waol.exe
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Winamp\Winamp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\TEMP\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {F7F71B8C-90A6-48B9-95B5-6D1E003735A0} - (no file)
O2 - BHO: (no name) - {3711C869-CF98-34B5-8D79-3AC3ED6BDF16} - C:\DOCUME~1\TEMP\APPLIC~1\STARTL~1\Pile mags.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - blank (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [Windows Updater] paste.exe
O4 - HKCU\..\Run: [BaitFlaw] C:\DOCUME~1\TEMP\APPLIC~1\FILEBU~1\multi dale inter.exe
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - [url]http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB[/url]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [url]http://go.microsoft.com/fwlink/?linkid=39204[/url]
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - [url]http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab[/url]
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - [url]http://aolcc.aol.com/computercheckup/qdiagcc.cab[/url]
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - [url]http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab[/url]
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - [url]http://launch.gamespyarcade.com/software/launch/alaunch.cab[/url]
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - [url]http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab[/url]
O18 - Protocol: bw+0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} -

Wandrille

08-23-2005, 03:35 PM

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} -
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} -
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Fruss Tray Ted

08-23-2005, 04:04 PM

I didn't look in any depth but at a glance I did not see anything in your log.

What problems are you having?
Your version of HJT is outdated and you should not let it reside in your Temp files either.

Have you run your A/V, an online scan? Also AdAware and Spybot?

david eaton

08-23-2005, 06:34 PM

U{date your copy of Hijack this. I looks af if you have the remants of a LOP infestation. Did you have messenger plus, and uninstalled it?
Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R3 - URLSearchHook: (no name) - {F7F71B8C-90A6-48B9-95B5-6D1E003735A0} - (no file)
O2 - BHO: (no name) - {3711C869-CF98-34B5-8D79-3AC3ED6BDF16} - C:\DOCUME~1\TEMP\APPLIC~1\STARTL~1\Pile mags.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - blank (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\RunServices: [Windows Updater] paste.exe
O4 - HKCU\..\Run: [BaitFlaw] C:\DOCUME~1\TEMP\APPLIC~1\FILEBU~1\multi dale inter.exe

Reboot and delete

files
paste.exe

folders
C:\DOCUME~1\TEMP\APPLIC~1\FILEBU~1

These may be hidden files. See HERE (http://www.xtra.co.nz/help/0,,4155-1916458,00.html) for how to show hidden files.

Please post a followup Hijack this log, and say if your problems persist.

Wandrille

08-24-2005, 12:43 AM

Logfile of HijackThis v1.99.1
Scan saved at 8:42:13 PM, on 8/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\LimeWire\LimeWire.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - [url]http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB[/url]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [url]http://go.microsoft.com/fwlink/?linkid=39204[/url]
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - [url]http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab[/url]
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - [url]http://aolcc.aol.com/computercheckup/qdiagcc.cab[/url]
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - [url]http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab[/url]
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - [url]http://launch.gamespyarcade.com/software/launch/alaunch.cab[/url]
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - [url]http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab[/url]
O18 - Protocol: bw+0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} -
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} -

Wandrille

08-24-2005, 12:43 AM

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

david eaton

08-24-2005, 09:40 AM

Log looks OK. How is the computer running now

Wandrille

08-24-2005, 01:35 PM

well the pf usage went down and its running a little better but however im goin to get some more ram since i use so many programs at once
and thanx a lot for ur help

Wolfey

08-24-2005, 01:50 PM

Budfred

08-24-2005, 10:36 PM

Well this needs un-installing straight away

C:\Program Files\LimeWire\LimeWire.exe
It's a spyware app.

This needs fixing
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {F7F71B8C-90A6-48B9-95B5-6D1E003735A0} - (no file)

I will look deeper.
New versions of LimeWire are no longer considered to contain spyware/malware... Like any P2P program, it does increase the chances of getting infected... The other 2 items can be fixed, but are probably not making a difference at this point...

I am not sure why you feel a need to look deeper... david eaton is a very well qualified malware fighter...

Wandrille

08-24-2005, 11:12 PM

Logfile of HijackThis v1.99.1
Scan saved at 7:10:55 PM, on 8/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\WINDOWS\System32\alg.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\LimeWire\LimeWire.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\GameSpy Arcade\Aphex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [BaitFlaw] C:\DOCUME~1\TEMP\APPLIC~1\FILEBU~1\multi dale inter.exe
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - [url]http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB[/url]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [url]http://go.microsoft.com/fwlink/?linkid=39204[/url]
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - [url]http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab[/url]
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - [url]http://aolcc.aol.com/computercheckup/qdiagcc.cab[/url]
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - [url]http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab[/url]
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - [url]http://launch.gamespyarcade.com/software/launch/alaunch.cab[/url]
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - [url]http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab[/url]
O18 - Protocol: bw+0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} -
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} -
C:\Program Files\Logitech\Desktop Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} -
O18 - Protocol: bwb0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} -

Wandrille

08-24-2005, 11:14 PM

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Budfred

08-25-2005, 12:21 AM

LOP seems to be back... Please use HJT to fix this again:

O4 - HKCU\..\Run: [BaitFlaw] C:\DOCUME~1\TEMP\APPLIC~1\FILEBU~1\multi dale inter.exe

Then download and run CCleaner to clean out temporary folders:

http://www.ccleaner.com/

Then also try running an MWavScan... It will produce a log in the lower window that has the bad list and you will need to use Ctrl-C to copy it and then paste it here for review.... If the list is extremely long, you can just paste the lines that begin with the word "File" since those are the ones we need to be most concerned about...

http://www.mwti.net/antivirus/free_utilities.asp

It will suggest that you buy the product to fix what it finds, but that is not necessary... Just post the bad part of the scan and we will deal with it...

Wandrille

08-25-2005, 01:08 AM

File c:\docume~1\temp\locals~1\temp\jjxiqupn.exe infected by "Trojan-Downloader.Win32.Swizzor.co" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\TEMP\APPLIC~1\FILEBU~1\MULTID~1.EXE infected by "Trojan-Downloader.Win32.Swizzor.co" Virus! Action Taken: No Action Taken.
Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "newdotnet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cws.therealsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "PowerReg Scheduler Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "SAHAgent Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "SAHAgent Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "SAHAgent Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "zipitpro Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "XXX-ToolBar Spyware/Adware" found in File System! Action Taken: No Action Taken.

File C:\WINDOWS\system32\b5s.dll infected by "Trojan-Dropper.Win32.Small.gv" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\MyDailyHoroscope.dlltmp infected by "Trojan-Dropper.Win32.Small.mh" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\TEMP\LOCALS~1\Temp\jjxiqupn.exe infected by "Trojan-Downloader.Win32.Swizzor.co" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\TEMP\LOCALS~1\TEMPOR~1\Content.IE5\9DN 0PN3P\ysb_prompt[1].htm infected by "Trojan-Downloader.JS.IstBar.j" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\TEMP\LOCALS~1\TEMPOR~1\Content.IE5\EH8 FAXI5\get[1].htm infected by "Trojan-Downloader.JS.IstBar.x" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\TEMP\LOCALS~1\TEMPOR~1\Content.IE5\EH8 FAXI5\prompt[1].htm infected by "Trojan-Downloader.JS.IstBar.k" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\TEMP\LOCALS~1\TEMPOR~1\Content.IE5\X7W 1XPE5\sploit[1].anr infected by "Trojan-Downloader.Win32.Ani.c" Virus! Action Taken: No Action Taken.

Wandrille

08-25-2005, 01:09 AM

i had to take out a huge chunk of it but they all had the word entry in front of it
so i hope its ok
and i also just got azesearch after (dont know how but i know how to get rid of it)

Wandrille

08-25-2005, 03:09 AM

ok i got rid of azesearch but thur may be some left over files
how do i know if thur r some and i wuld like to get rid of them?

Wolfey

08-25-2005, 05:16 AM

New versions of LimeWire are no longer considered to contain spyware/malware... Like any P2P program, it does increase the chances of getting infected... The other 2 items can be fixed, but are probably not making a difference at this point...

I am not sure why you feel a need to look deeper... david eaton is a very well qualified malware fighter...

I was just trying to help Bud, but I shall bow out gracefully.

Budfred

08-25-2005, 08:37 AM

Some of those items should have been cleaned up by CCleaner, have you run that yet??

Please do this for the rest of them... Download and set up KillBox:

http://www.downloads.subratam.org/KillBox.zip

Then copy/paste this list into a Notepad file so that you can access it in Safe Mode... Boot to Safe Mode (tap F8 just before Windows starts loading and select Safe Mode)... Choose the "Delete on reboot" and "End Explorer Shell while Killing file" options... Copy/paste the entire list into the line for the file... It should be able to accept the whole list, but if it doesn't you will need to enter them one at a time... Do not click through to close it out and reboot until they have all been entered... Once they are all entered, click through to kill them...

c:\docume~1\temp\locals~1\temp\jjxiqupn.exe
C:\DOCUME~1\TEMP\APPLIC~1\FILEBU~1\MULTID~1.EXE
C:\WINDOWS\system32\b5s.dll
C:\WINDOWS\system32\MyDailyHoroscope.dlltmp
C:\DOCUME~1\TEMP\LOCALS~1\Temp\jjxiqupn.exe
C:\DOCUME~1\TEMP\LOCALS~1\TEMPOR~1\Content.IE5\9DN 0PN3P\ysb_prompt[1].htm
C:\DOCUME~1\TEMP\LOCALS~1\TEMPOR~1\Content.IE5\EH8 FAXI5\get[1].htm
C:\DOCUME~1\TEMP\LOCALS~1\TEMPOR~1\Content.IE5\EH8 FAXI5\prompt[1].htm
C:\DOCUME~1\TEMP\LOCALS~1\TEMPOR~1\Content.IE5\X7W 1XPE5\sploit[1].anr

After the reboot, post a fresh HJT log with details of how things are going...

Wandrille

08-25-2005, 08:12 PM

i did do a ccleaner before doing the logfile
and here is the new logfile of hjt

Logfile of HijackThis v1.99.1
Scan saved at 4:11:08 PM, on 8/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000000-0000-44CF-A0AE-4BD9C034DF6B} - C:\Program Files\ProSiteFinder\ProSiteFinder.dll (file missing)
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ProSiteFinder] C:\Program Files\ProSiteFinder\prositefinder.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BaitFlaw] C:\DOCUME~1\TEMP\APPLIC~1\FILEBU~1\multi dale inter.exe
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - [url]http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB[/url]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [url]http://go.microsoft.com/fwlink/?linkid=39204[/url]
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - [url]http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab[/url]
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - [url]http://aolcc.aol.com/computercheckup/qdiagcc.cab[/url]
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - [url]http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab[/url]
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - [url]http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab[/url]
O18 - Protocol: bw+0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} -
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} -

Wandrille

08-25-2005, 08:13 PM

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Budfred

08-25-2005, 09:01 PM

You seem to have some new things... Please be very careful about where you go on the web until we get complete armor installed... Use HJT to fix:

O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
O4 - HKLM\..\Run: [ProSiteFinder] C:\Program Files\ProSiteFinder\prositefinder.exe
O4 - HKCU\..\Run: [BaitFlaw] C:\DOCUME~1\TEMP\APPLIC~1\FILEBU~1\multi dale inter.exe

Also find and delete these folder:

C:\Program Files\ProSiteFinder
C:\DOCUME~1\TEMP\APPLIC~1\FILEBU~1

I think it would be a good idea to look at another MWavScan and also let's get a Silent Runners log to see if there is anything else we are missing... Something keeps restoring that LOP item...

Please download SilentRunners from here:
http://www.silentrunners.org/Silent%20Runners.zip
Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, it will create a logfile on the desktop. Please post the entire contents of this logfile for me to see.

Wandrille

08-25-2005, 10:26 PM

Budfred

08-25-2005, 11:17 PM

This doesn't look like the complete log... You need to let Silent Runners run for quite a while to get the complete log... Also, we still need to see the MWavScan and another HJT log...

Wandrille

08-25-2005, 11:18 PM

File c:\docume~1\temp\locals~1\temp\ygbzoivi.exe infected by "Trojan-Downloader.Win32.Swizzor.co" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\azentretien.dll tagged as "not-a-virus:AdWare.AzSearch.a". Action Taken: No Action Taken.
File C:\DOCUME~1\TEMP\APPLIC~1\FILEBU~1\MULTID~1.EXE infected by "Trojan-Downloader.Win32.Swizzor.co" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\180.exe tagged as "not-a-virus:AdWare.WinAD.aw". Action Taken: No Action Taken.
File C:\WINDOWS\azentretien.dll tagged as "not-a-virus:AdWare.AzSearch.a". Action Taken: No Action Taken.
File C:\WINDOWS\ys.exe infected by "Trojan-Downloader.Win32.IstBar.kc" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\azesearch4.ocx tagged as "not-a-virus:AdWare.AzSearch.b". Action Taken: No Action Taken.
File C:\WINDOWS\system32\iasada.dll_tobedeleted tagged as "not-a-virus:AdWare.AzSearch.b". Action Taken: No Action Taken.
File C:\WINDOWS\system32\idbhbbjo.ini tagged as "not-a-virus:AdWare.Sahat.ao". Action Taken: No Action Taken.
File C:\WINDOWS\system32\omhep57r.ini tagged as "not-a-virus:AdWare.Sahat.ao". Action Taken: No Action Taken.
File C:\DOCUME~1\TEMP\LOCALS~1\Temp\ygbzoivi.exe infected by "Trojan-Downloader.Win32.Swizzor.co" Virus! Action Taken: No Action Taken.

Wandrille

08-25-2005, 11:21 PM

Logfile of HijackThis v1.99.1
Scan saved at 7:20:48 PM, on 8/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000000-0000-44CF-A0AE-4BD9C034DF6B} - C:\Program Files\ProSiteFinder\ProSiteFinder.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BaitFlaw] C:\DOCUME~1\TEMP\APPLIC~1\FILEBU~1\multi dale inter.exe
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - [url]http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB[/url]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [url]http://go.microsoft.com/fwlink/?linkid=39204[/url]
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - [url]http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab[/url]
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - [url]http://aolcc.aol.com/computercheckup/qdiagcc.cab[/url]
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - [url]http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab[/url]
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - [url]http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab[/url]
O18 - Protocol: bw+0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} -

Wandrille

08-25-2005, 11:22 PM

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Budfred

08-25-2005, 11:33 PM

You seem to be pick up more infections and you still have 2 of those items left in the HJT scan... Use KillBox on these:

c:\docume~1\temp\locals~1\temp\ygbzoivi.exe
C:\WINDOWS\azentretien.dll
C:\DOCUME~1\TEMP\APPLIC~1\FILEBU~1\MULTID~1.EXE C:\WINDOWS\180.exe
C:\WINDOWS\azentretien.dll
C:\WINDOWS\ys.exe
C:\WINDOWS\system32\azesearch4.ocx
C:\WINDOWS\system32\iasada.dll_tobedeleted
C:\WINDOWS\system32\idbhbbjo.ini
C:\WINDOWS\system32\omhep57r.ini C:\DOCUME~1\TEMP\LOCALS~1\Temp\ygbzoivi.exe

Then also try an online virus scan from my signature, I would use HouseCall... Then run and Ewido scan and try it in Safe Mode if you run into any problems...

Please download, install, and update the NEW free version of Ewido trojan scanner (http://www.ewido.net/en/download/):

When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

From the main ewido screen, click on update in the left menu, then click the Start update button.

After the update finishes (the status bar at the bottom will display "Update successful")

Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.

If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.

When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

Please provide details on how things are going when you post back.... Also, please avoid any websites other than PCGuide and the links I posted if at all possible...

Wandrille

08-26-2005, 02:39 PM

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:37:22 AM, 8/26/2005
+ Report-Checksum: 1894A593

+ Scan result:

HKU\S-1-5-21-1090096503-3769991607-3404642925-1007\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
C:\!Submit\azentretien.dll -> Spyware.AzSearch : Cleaned with backup
C:\!Submit\azesearch4.ocx -> Spyware.AzSearch : Cleaned with backup
C:\!Submit\iasada.dll_tobedeleted -> Spyware.AzSearch : Cleaned with backup
C:\data -> TrojanDownloader.IstBar.kc : Cleaned with backup
C:\Documents and Settings\Wandrille Hubert\Local Settings\Application Data\Wildtangent\Cdacache\00\00\12.dat/files\wtvh.dll -> Spyware.WildTangent : Error during cleaning
C:\Hijack This\backups\backup-20050824-224334-742.dll -> Dialer.Generic : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP481\A0265164.dll -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP481\A0265165.dll -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP481\A0265166.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP481\A0265167.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP481\A0265176.ocx -> Spyware.AzSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP481\A0265186.dll -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP481\A0265187.exe -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP482\A0265203.dll -> Spyware.AzSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP482\A0265205.exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP482\A0265227.dll -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP482\A0265228.exe -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP482\A0265229.exe -> Adware.Saha : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP482\A0265230.dll -> Spyware.MoneyGainer : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP482\A0265231.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP482\A0265232.dll -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP482\A0265233.dll -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP482\A0265235.exe -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP482\A0265236.exe -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP482\A0265237.exe -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP482\A0265238.exe -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP482\A0265239.exe -> Adware.Saha : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP482\A0265240.dll -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP482\A0265251.dll -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP483\A0265296.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP483\A0265343.dll -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP483\A0265344.exe -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP483\A0265349.dll -> Spyware.AzSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP483\A0265350.ocx -> Spyware.AzSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP484\A0266307.exe -> TrojanDownloader.IstBar.kc : Cleaned with backup
C:\temp\optimize.exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\WINDOWS\180.exe -> Spyware.WinAD : Cleaned with backup

::Report End

Wandrille

08-27-2005, 01:24 AM

Logfile of HijackThis v1.99.1
Scan saved at 9:23:42 PM, on 8/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\GameSpy Arcade\Aphex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000000-0000-44CF-A0AE-4BD9C034DF6B} - blank (file missing)
O2 - BHO: (no name) - {3711C869-CF98-34B5-8D79-3AC3ED6BDF16} - C:\DOCUME~1\TEMP\APPLIC~1\STARTL~1\Pile mags.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [blah mix dog first] C:\Documents and Settings\All Users\Application Data\stupid grid blah mix\Startcity.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BaitFlaw] C:\DOCUME~1\TEMP\APPLIC~1\FILEBU~1\multi dale inter.exe
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - [url]http://housecall60.trendmicro.com/housecall/xscan60.cab[/url]
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - [url]http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB[/url]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [url]http://go.microsoft.com/fwlink/?linkid=39204[/url]
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - [url]http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab[/url]
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - [url]http://aolcc.aol.com/computercheckup/qdiagcc.cab[/url]
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - [url]http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab[/url]
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - [url]http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab[/url]
O18 - Protocol: bw+0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} -
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} -

Wandrille

08-27-2005, 01:24 AM

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Wandrille

08-27-2005, 01:37 AM

"Silent Runners.vbs", revision 40, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"BaitFlaw" = "C:\DOCUME~1\TEMP\APPLIC~1\FILEBU~1\multi dale inter.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ {++}
"MCUpdateExe" = "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" ["Networks Associates Technology, Inc"]
"MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\McAgent.exe" ["Networks Associates Technology, Inc"]
"VSOCheckTask" = ""c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask" ["Networks Associates Technology, Inc"]
"VirusScan Online" = ""c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"" ["Networks Associates Technology, Inc"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"blah mix dog first" = "C:\Documents and Settings\All Users\Application Data\stupid grid blah mix\Startcity.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\
{00000000-0000-44CF-A0AE-4BD9C034DF6B}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "blank" [file not found]
{3711C869-CF98-34B5-8D79-3AC3ED6BDF16}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\DOCUME~1\TEMP\APPLIC~1\STARTL~1\Pile mags.exe" [null data]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = "PCTools Site Guard" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll" ["PC Tools"]
{5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = "DriveLetterAccess" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = "PCTools Browser Monitor" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["GuideWorks Pty. Ltd."]

HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Sonic\RecordNow!\shlext.dll" ["Sonic Solutions"]
"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{F0F08737-0C36-101B-B086-0020AF07D0F4}" = "Quick View Plus - Shell Extension object"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Quick View Plus\PROGRAM\QVPSE2.DLL" ["Inso Corporation"]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{C56C4E21-706D-11d0-AFC5-444553540002}" = "My Digital Camera"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\PhotoDeluxe BE 1.0\FotoNation Explorer\camview.dll" ["FotoNation Inc."]
"{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Unbind"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office\1033\UNBIND.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office\OLKFSTUB.DLL" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\Software\Classes\*\shellex\ContextMenuHandler s\
QuickViewPlusMenu\(Default) = "{F0F08737-0C36-101B-B086-0020AF07D0F4}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Quick View Plus\PROGRAM\QVPSE2.DLL" ["Inso Corporation"]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "blank" [file not found]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMen uHandlers\
QuickFinderMenu\(Default) = "{C0E10002-0028-0004-C0E1-C0E1C0E1C0E1}"
-> {CLSID}\InProcServer32\(Default) = "c:\Program Files\WordPerfect Office 11\Programs\PFSE110.DLL" ["Novell, Inc., c/o Corel Corporation Limited"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHa ndlers\
SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "blank" [file not found]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssflwbox.scr" [MS]

Startup items in "Wandrille Hubert" & "All Users" startup folders:
------------------------------------------------------------------

C:\Documents and Settings\TEMP\Start Menu\Programs\Startup
INFECTION WARNING! "PowerReg Scheduler V3.exe" ["Leader Technologies"]

Enabled Scheduled Tasks:
------------------------

"A61E7C8B9181F78F" -> launches: "c:\docume~1\temp\applic~1\filebu~1\book software dumb.exe" [null data]
"AA2FD1EB918446F7" -> launches: "c:\docume~1\temp\applic~1\filebu~1\book software dumb.exe" [null data]
"McAfee.com Update Check (WANDRILLE-Wandrille Hubert)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["Networks Associates Technology, Inc"]
"McAfee.com Update Check (WANDRILLE-xavier hubert)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["Networks Associates Technology, Inc"]

Wandrille

08-27-2005, 01:38 AM

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 22
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS]
Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\msjava.dll" [MS]

{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
"ButtonText" = "Spyware Doctor"
"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["GuideWorks Pty. Ltd."]

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Create Mobile Favorite"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft ActiveSync\INetRepl.dll" [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Create Mobile Favorite..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft ActiveSync\INetRepl.dll" [MS]

{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM95\aim.exe" ["America Online, Inc."]

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Autodesk Licensing Service, Autodesk Licensing Service, ""C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"" [null data]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
McAfee Personal Firewall Service, MpfService, "C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe" ["McAfee Corporation"]
McAfee.com McShield, McShield, "c:\PROGRA~1\mcafee.com\vso\mcshield.exe" ["Network Associates, Inc."]
McAfee.com VirusScan Online Realtime Engine, MCVSRte, "c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding" ["Networks Associates Technology, Inc"]
MSSQL$SONY_MEDIAMGR, MSSQL$SONY_MEDIAMGR, "C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 224 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 21 seconds.
---------- (total run time: 376 seconds)

Wandrille

08-27-2005, 01:39 AM

ok im going to be gone for the weekend so if you could just tell me what to do i'll do it when i come back
since i am not playnning on taking my laptop to seattle since im gonna be with friends and go to a baseball game
i'll probably be back sunday afternoon or sunday night

Budfred

08-27-2005, 01:44 AM

Please tell me what happened with your scans... Especially the HouseCall scan and also how your computer is running... I am blind without the information you give me...

You do still have LOP and I will post another fix for that...

Budfred

08-27-2005, 01:51 AM

We will need a StartupList log to kill the rest of LOP...

Open Hijackthis, click "Open the Misc Tools section"
Next to "Generate StartupList log", place a check next to "List also minor sections" (full) and "List empty sections (complete).
Then click "Generate StartupList log"
Click "Yes" to the box that pops-up.
Then copy and paste the notepad text that appears to this topic.

Wandrille

08-29-2005, 12:36 PM

StartupList report, 8/29/2005, 8:32:52 AM
StartupList version: 1.52.2
Started from : C:\Hijack This\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijack This\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\TEMP\Start Menu\Programs\Startup]
PowerReg Scheduler V3.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Win logon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Win logon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

MCUpdateExe = C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
MCAgentExe = c:\PROGRA~1\mcafee.com\agent\McAgent.exe
VSOCheckTask = "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
VirusScan Online = "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Once

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run OnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run Once

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run OnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run Services

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Once
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run OnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run Once
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run OnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run Services
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser .NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

Wandrille

08-29-2005, 12:36 PM

this isnt all of it its huge so do u still want me to post all of it?

hockey man

08-29-2005, 03:27 PM

Post it all for Budfred. It will help him.

Budfred

08-29-2005, 08:11 PM

You can edit out the ones that say nothing was found.... Like this one:
*No values found*

Wandrille

08-30-2005, 07:16 PM

StartupList report, 8/30/2005, 3:12:06 PM
StartupList version: 1.52.2
Started from : C:\Hijack This\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM95\aim.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijack This\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\TEMP\Start Menu\Programs\Startup]
PowerReg Scheduler V3.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Win logon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Win logon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

MCUpdateExe = C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
MCAgentExe = c:\PROGRA~1\mcafee.com\agent\McAgent.exe
VSOCheckTask = "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
VirusScan Online = "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Once

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run OnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
BaitFlaw = C:\DOCUME~1\TEMP\APPLIC~1\FILEBU~1\multi dale inter.exe
AIM = C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run Once

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run OnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run Services

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Once
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run OnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run Once
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run OnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run Services
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser .NT

Wandrille

08-30-2005, 07:17 PM

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\ssflwbox.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - blank (file missing) - {00000000-0000-44CF-A0AE-4BD9C034DF6B}
(no name) - C:\DOCUME~1\TEMP\APPLIC~1\STARTL~1\Pile mags.exe - {3711C869-CF98-34B5-8D79-3AC3ED6BDF16}
(no name) - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
(no name) - C:\WINDOWS\system32\dla\tfswshx.dll - {5CA3D70E-1895-11CF-8E15-001234567890}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll - {B56A7D7D-6927-48C8-A975-17DF180C71AC}

--------------------------------------------------

Enumerating Task Scheduler jobs:

A61E7C8B9181F78F.job
AA2FD1EB918446F7.job
McAfee.com Update Check (WANDRILLE-Wandrille Hubert).job
McAfee.com Update Check (WANDRILLE-xavier hubert).job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan60.ocx
CODEBASE = http://housecall60.trendmicro.com/housecall/xscan60.cab

[PCPitstop Utility]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\PCPitstop.dll
CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[FilePlanet Download Control Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\FilePlanetDownloadCtrl.dll
CODEBASE = http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc.cab

[QDiagAOLCCUpdateObj Class]
InProcServer32 = C:\WINDOWS\system32\qdiagcc.ocx
CODEBASE = [url]http://aolcc.aol.com/computercheckup/qdiagcc.cab[/url]

[McAfee.com Operating System Class]
InProcServer32 = C:\WINDOWS\system32\mcinsctl.dll
CODEBASE = [url]http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab[/url]

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = [url]http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38169.8075925926[/url]

[DwnldGroupMgr Class]
InProcServer32 = C:\WINDOWS\system32\McGDMgr.dll
CODEBASE = [url]http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab[/url]

[Java Plug-in 1.4.2_05]
InProcServer32 = C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
CODEBASE = [url]http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[/url]

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\flash.ocx
CODEBASE = [url]http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[/url]

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll
Protocol #22: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

abp480n5: \SystemRoot\System32\DRIVERS\ABP480N5.SYS (disabled)
Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Adobe LM Service: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)
adpu160m: \SystemRoot\System32\DRIVERS\adpu160m.sys (disabled)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
Compaq AGP Bus Filter: \SystemRoot\System32\DRIVERS\agpCPQ.sys (disabled)
Aha154x: \SystemRoot\System32\DRIVERS\aha154x.sys (disabled)
aic78u2: \SystemRoot\System32\DRIVERS\aic78u2.sys (disabled)
aic78xx: \SystemRoot\System32\DRIVERS\aic78xx.sys (disabled)
Alcatel SpeedTouch(tm) USB ADSL PPPoA Networking Driver (NDIS): system32\DRIVERS\alcan5wn.sys (manual start)
Alcatel Speed Touch ADSL Modem ATM Transport: system32\DRIVERS\alcaudsl.sys (manual start)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AliIde: \SystemRoot\System32\DRIVERS\aliide.sys (disabled)
ALI AGP Bus Filter: \SystemRoot\System32\DRIVERS\alim1541.sys (disabled)
AMD AGP Bus Filter Driver: \SystemRoot\System32\DRIVERS\amdagp.sys (disabled)
amsint: \SystemRoot\System32\DRIVERS\amsint.sys (disabled)
AOL Connectivity Service: "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" (autostart)
AOL TopSpeed Monitor: C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (autostart)
AOL Spyware Protection Service: C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (autostart)

Wandrille

08-30-2005, 07:21 PM

Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
1394 ARP Client Protocol: System32\DRIVERS\arp1394.sys (manual start)
asc: \SystemRoot\System32\DRIVERS\asc.sys (disabled)
asc3350p: \SystemRoot\System32\DRIVERS\asc3350p.sys (disabled)
asc3550: \SystemRoot\System32\DRIVERS\asc3550.sys (disabled)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\asp net_state.exe (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
Autodesk Licensing Service: "C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe" (autostart)
Dell TrueMobile WLAN Card Driver: System32\DRIVERS\bcmwl5.sys (manual start)
Broadcom 440x 10/100 Integrated Controller XP Driver: System32\DRIVERS\bcm4sbxp.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
MAC Bridge: System32\DRIVERS\bridge.sys (manual start)
MAC Bridge Miniport: System32\DRIVERS\bridge.sys (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
C-DillaSrv: C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE (autostart)
cbidf: \SystemRoot\System32\DRIVERS\cbidf2k.sys (disabled)
Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
cd20xrnt: \SystemRoot\System32\DRIVERS\cd20xrnt.sys (disabled)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
Microsoft ACPI Control Method Battery Driver: System32\DRIVERS\CmBatt.sys (manual start)
CmdIde: \SystemRoot\System32\DRIVERS\cmdide.sys (disabled)
Microsoft Composite Battery Driver: System32\DRIVERS\compbatt.sys (system)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cpqarray: \SystemRoot\System32\DRIVERS\cpqarray.sys (disabled)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
dac2w2k: \SystemRoot\System32\DRIVERS\dac2w2k.sys (disabled)
dac960nt: \SystemRoot\System32\DRIVERS\dac960nt.sys (disabled)
Dual-Mode DSC(2770): System32\Drivers\SQcaptur.sys (manual start)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
dpti2o: \SystemRoot\System32\DRIVERS\dpti2o.sys (disabled)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
drvmcdb: system32\drivers\drvmcdb.sys (system)
drvnddm: system32\drivers\drvnddm.sys (autostart)
3Com EtherLink XL 90XB/C Adapter Driver: System32\DRIVERS\el90xbc5.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
ewido security suite control: C:\Program Files\ewido\security suite\ewidoctrl.exe (autostart)
Fadpu16E: \??\C:\DOCUME~1\TEMP\LOCALS~1\Temp\Fadpu16E.sys (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)
hpn: \SystemRoot\System32\DRIVERS\hpn.sys (disabled)
HSFHWICH: System32\DRIVERS\HSFHWICH.sys (manual start)
HSF_DP: System32\DRIVERS\HSF_DP.sys (manual start)
HSF_DPV: system32\DRIVERS\HSF_DPV.SYS (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i2omp: \SystemRoot\System32\DRIVERS\i2omp.sys (disabled)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
i81x: System32\DRIVERS\i81xnt5.sys (manual start)
iAimFP0: System32\DRIVERS\wADV01nt.sys (manual start)
iAimFP1: System32\DRIVERS\wADV02NT.sys (manual start)
iAimFP2: System32\DRIVERS\wADV05NT.sys (manual start)
iAimFP3: System32\DRIVERS\wSiINTxx.sys (manual start)
iAimFP4: System32\DRIVERS\wVchNTxx.sys (manual start)
iAimTV0: System32\DRIVERS\wATV01nt.sys (manual start)
iAimTV1: System32\DRIVERS\wATV02NT.sys (manual start)
iAimTV2: System32\DRIVERS\wATV03nt.sys (manual start)
iAimTV3: System32\DRIVERS\wATV04nt.sys (manual start)
iAimTV4: System32\DRIVERS\wCh7xxNT.sys (manual start)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" (manual start)
CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
ini910u: \SystemRoot\System32\DRIVERS\ini910u.sys (disabled)
IntelIde: System32\DRIVERS\intelide.sys (system)
Intel Processor Driver: System32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IrDA Protocol: System32\DRIVERS\irda.sys (autostart)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
Infrared Monitor: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Serial Infrared Driver: System32\DRIVERS\irsir.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: System32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Logitech HID/USB Mouse Filter Driver: System32\DRIVERS\LHidFlt2.Sys (manual start)
Logitech USB Receiver device driver: System32\Drivers\LHidUsb.Sys (manual start)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Logitech Mouse Class Filter Driver: System32\DRIVERS\LMouFlt2.Sys (manual start)
McAfee.com McShield: c:\PROGRA~1\mcafee.com\vso\mcshield.exe (manual start)
McAfee SecurityCenter Update Manager: C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (manual start)
McAfee.com VirusScan Online Realtime Engine: c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding (autostart)
mdmxsdk: System32\DRIVERS\mdmxsdk.sys (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
MPFIREWL: System32\Drivers\MpFirewall.sys (system)
McAfee Personal Firewall Service: C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe (autostart)
mraid35x: \SystemRoot\System32\DRIVERS\mraid35x.sys (disabled)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
MSSQL$SONY_MEDIAMGR: C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR (autostart)
MSSQLServerADHelper: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
NaiFiltr: system32\DRIVERS\NaiFiltr.sys (manual start)
Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)

Wandrille

08-30-2005, 07:22 PM

Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394 Net Driver: System32\DRIVERS\nic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Texas Instruments OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system)
OMCI WDM Device Driver: System32\DRIVERS\omci.sys (system)
Intel PentiumIII Processor Driver: System32\DRIVERS\p3.sys (system)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Pcmcia: System32\DRIVERS\pcmcia.sys (system)
perc2: \SystemRoot\System32\DRIVERS\perc2.sys (disabled)
perc2hib: \SystemRoot\System32\DRIVERS\perc2hib.sys (disabled)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (disabled)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (disabled)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\DRIVERS\PxHelp20.sys (system)
ql1080: \SystemRoot\System32\DRIVERS\ql1080.sys (disabled)
Ql10wnt: \SystemRoot\System32\DRIVERS\ql10wnt.sys (disabled)
ql12160: \SystemRoot\System32\DRIVERS\ql12160.sys (disabled)
ql1240: \SystemRoot\System32\DRIVERS\ql1240.sys (disabled)
ql1280: \SystemRoot\System32\DRIVERS\ql1280.sys (disabled)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
WAN Miniport (IrDA): System32\DRIVERS\rasirda.sys (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (disabled)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (disabled)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (disabled)
SAVScan: C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe (disabled)
ScriptBlocking Service: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (disabled)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
SIS AGP Bus Filter: \SystemRoot\System32\DRIVERS\sisagp.sys (disabled)
BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
Sparrow: \SystemRoot\System32\DRIVERS\sparrow.sys (disabled)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (disabled)
SQLAgent$SONY_MEDIAMGR: C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR (disabled)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
sscdbhk5: system32\drivers\sscdbhk5.sys (system)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
ssrtln: system32\drivers\ssrtln.sys (system)
Audio Driver (WDM) - SigmaTel CODEC: system32\drivers\STAC97.sys (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (disabled)
BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{F79A1568-D6C5-4C69-A086-936CF52DBBE3} (disabled)
symc810: \SystemRoot\System32\DRIVERS\symc810.sys (disabled)
symc8xx: \SystemRoot\System32\DRIVERS\symc8xx.sys (disabled)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
sym_hi: \SystemRoot\System32\DRIVERS\sym_hi.sys (disabled)
sym_u3: \SystemRoot\System32\DRIVERS\sym_u3.sys (disabled)
Synaptics TouchPad Driver: System32\DRIVERS\SynTP.sys (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (disabled)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (disabled)
tfsnboio: system32\dla\tfsnboio.sys (autostart)
tfsncofs: system32\dla\tfsncofs.sys (autostart)
tfsndrct: system32\dla\tfsndrct.sys (autostart)
tfsndres: system32\dla\tfsndres.sys (autostart)
tfsnifs: system32\dla\tfsnifs.sys (autostart)
tfsnopio: system32\dla\tfsnopio.sys (autostart)
tfsnpool: system32\dla\tfsnpool.sys (autostart)
tfsnudf: system32\dla\tfsnudf.sys (autostart)
tfsnudfa: system32\dla\tfsnudfa.sys (autostart)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TosIde: \SystemRoot\System32\DRIVERS\toside.sys (disabled)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
TwUSBD: system32\drivers\TwUSBD.sys (manual start)
ultra: \SystemRoot\System32\DRIVERS\ultra.sys (disabled)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (disabled)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (disabled)
Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
GeneLink File Transfer Driver: System32\Drivers\usbhsb.sys (autostart)
Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
SecuROM User Access Service (V7): C:\WINDOWS\system32\UAService7.exe (autostart)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: \SystemRoot\System32\DRIVERS\viaagp.sys (disabled)
ViaIde: \SystemRoot\System32\DRIVERS\viaide.sys (disabled)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (disabled)
Windows Time: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
WAN Miniport (ATW): System32\DRIVERS\wanatw4.sys (manual start)
Windows CE USB Serial Host Driver: System32\DRIVERS\wceusbsh.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
winachsf: System32\DRIVERS\HSF_CNXT.sys (manual start)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (manual start)
WLTRYSVC: %SystemRoot%\System32\WLTRYSVC.EXE %SystemRoot%\System32\bcmwltry.exe (autostart)
Windows Media Connect (WMC): c:\program files\windows media connect\mswmccds.exe (disabled)
Windows Media Connect (WMC) Helper: C:\Program Files\Windows Media Connect\mswmcls.exe (disabled)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (disabled)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Wandrille

08-30-2005, 07:23 PM

Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
UPnPMonitor: C:\WINDOWS\system32\upnpui.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\pol icies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\pol icies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 41,708 bytes
Report generated in 0.320 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Wandrille

08-30-2005, 07:24 PM

this shuld be all of the list

Budfred

08-30-2005, 11:19 PM

Download: Microsoft Task Scheduler Command Line Utility

http://mvps.org/winhelp2002/jt.zip

Unzip and copy jt.exe to your Windows folder.

Open Notepad, copy and paste the below and "Save As" KillJobs.bat
In the "Save as type" select: All Files

@echo off
jt /sd A61E7C8B9181F78F.job
jt /sd AA2FD1EB918446F7.job

Copy KillJobs.bat to your Windows folder.
Double-click on "KillJobs.bat"
(when prompted, allow the file to run)
_ _ _ _ _

After completing this process, please reboot and post a fresh HJT log and MWavScan... Also, please answer the questions I asked you earlier... If we are going to clean this up, I need you to provide the information I ask for...

Wandrille

09-01-2005, 08:40 PM

ok housecall scan went well it found some things but everything was fine
i just got a new 1gb of ram so i now have 1.25 gb of ram so it is goin faster i seem to be havin less problems with my computer

and also mwav scan i think the site closed down cuz i cant find it so i wont have a logfile for that but heres my hijack this logfile

Logfile of HijackThis v1.99.1
Scan saved at 4:55:51 PM, on 9/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000000-0000-44CF-A0AE-4BD9C034DF6B} - blank (file missing)
O2 - BHO: (no name) - {3711C869-CF98-34B5-8D79-3AC3ED6BDF16} - C:\DOCUME~1\TEMP\APPLIC~1\STARTL~1\Pile mags.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [BaitFlaw] C:\DOCUME~1\TEMP\APPLIC~1\FILEBU~1\multi dale inter.exe
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - [url]http://housecall60.trendmicro.com/housecall/xscan60.cab[/url]
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - [url]http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB[/url]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [url]http://go.microsoft.com/fwlink/?linkid=39204[/url]
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - [url]http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab[/url]
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - [url]http://aolcc.aol.com/computercheckup/qdiagcc.cab[/url]
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - [url]http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab[/url]
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - [url]http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab[/url]
O18 - Protocol: bw+0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} -

Wandrille

09-01-2005, 08:58 PM

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} -
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} -
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} -
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} -

Wandrille

09-01-2005, 08:59 PM

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Budfred

09-01-2005, 09:15 PM

and also mwav scan i think the site closed down cuz i cant find it so i wont have a logfile for that but heres my hijack this logfileYou downloaded the program before, so you should be able to just run it again... If you deleted it, get the new version here:

http://www.mwti.net/products/mwav/mwav.asp

Please try fixing these with HJT again and see if they will go peacefully:

O2 - BHO: (no name) - {00000000-0000-44CF-A0AE-4BD9C034DF6B} - blank (file missing)
O2 - BHO: (no name) - {3711C869-CF98-34B5-8D79-3AC3ED6BDF16} - C:\DOCUME~1\TEMP\APPLIC~1\STARTL~1\Pile mags.exe
O4 - HKCU\..\Run: [BaitFlaw] C:\DOCUME~1\TEMP\APPLIC~1\FILEBU~1\multi dale inter.exe

Post a fresh HJT log (please edit out the O18s) and the MWavScan...

Wandrille

09-05-2005, 02:55 PM

File c:\docume~1\temp\locals~1\temp\mnjytypz.exe infected by "Trojan-Downloader.Win32.Swizzor.co" Virus! Action Taken: No Action Taken.
Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "newdotnet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Media Access Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cws.therealsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "PowerReg Scheduler Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "zipitpro Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "XXX-ToolBar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Mod uleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\gsda.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Mod uleUsage" refers to invalid object "C:\WINDOWS\System32\iuctl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\NAVW32.EXE" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\NAVWNT.EXE" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\qconsole.exe" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".0-beta2". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".acd-zip". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".big". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".bip". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".cue". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".dmg". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".DS_Store". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".FilePlanetCache". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".flp". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".gba". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".map". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".min". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".pf". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".pk3". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".RoQ". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".sdp". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".sfk". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".SV4". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".sw". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "70tovmto". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "a95kfrhe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "AltnetDM". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "avast!". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Comet". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Dbi". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "DIVXCodec". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "DMO". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Highland Warriors Demo". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ieupdate". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB810243". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB817778". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB820291". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB821253". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823182". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824105". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824141". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB825119". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826939". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826942". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828028". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828035". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828741". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB833998". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB835732". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB837001". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB837272". Action Taken: No Action Taken.

Wandrille

09-05-2005, 02:56 PM

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB839643-DirectX9". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB839645". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840315". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840374". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB841873". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB842773". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "LMS". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Media Access". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Media Gateway". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "msbb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "My Way Speedbar Uninstall". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "MyComet". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "New.net". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "NVIDIA". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "oeupdate". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "P2P Networking". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q322011". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q814995". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q828026". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "QuickSearch Toolbar". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "saap". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "salm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ShopAtHomeSelect Agent". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Sponge Bob". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "SWAR". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "TTOOL_UNINSTALL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Verizon.MCCInstall". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "wcmdmgr.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WildTangent CDA". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WinTools". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "wtdmmp". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "wtwebdriver". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{0DC0F122-1B1C-11D4-AED6-00C04F022C53}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{0F6BE4B6-FA35-4F51-94A2-05C66104D6AB}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{23ECDB5F-8CCB-478C-9A89-6E6FE1C9E967}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{43FCA273-9534-40DB-B7C5-D7758875616A}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{44B23762-50B5-4175-B870-E85D77DB1D84}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{45EBDA59-D33B-433A-956E-B2F236468B56}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{4CA4331A-4B82-4FB3-9E45-C7553DFD9E77}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{68AA88D8-38F8-48D4-A5A1-C1B524B1ED44}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{7A2477C8-1137-4F37-A1E5-1E10AA5DED74}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{B5021D53-E464-407B-9B38-D9778C5B401E}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{C270BC04-1540-4673-960F-A546B2C860CD}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{E18937B7-E6A6-4321-83BF-96787BB1067C}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{EDCD4CE3-DE92-49A9-87F9-FE09B2FBA16C}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{EDE0985B-D652-4573-A89E-803CB2597247}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{F7148BF0-5880-433D-9741-BA95BB54F0C0}". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9BE8D7B2-329C-442A-A4AC-ABA9D7572602}" refers to invalid object "c:\program files\mcafee.com\agent\submgr\4,3,0,10\mcsubmgr.dl l". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{04CAA53B-414F-47B0-950A-CD15D6D19D62}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{10B6B294-243F-4217-B1A1-E30898AC2E2D}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{12D56325-94E3-4E74-A91B-586982151C2F}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{1308A252-EBF2-4F7D-B28C-BD84E65E5ECC}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{155B3F27-CDEE-4FE2-8CC5-8D08882FDE15}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{15E12F1F-36CF-4879-89F0-C3A4A4D43097}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{166B1BC7-3F9C-11CF-8075-444553540000}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{19185FCA-75B5-11D5-89D3-000086120FE4}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{1C3159CA-948C-4290-A920-4C804DF9FB7D}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{1CCED668-75B5-11D5-89D3-000086120FE4}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{1D028BB7-6372-408A-9FCA-46711A3286EF}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{1D8A3351-C678-11D1-AA6F-000000000000}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{20261654-BD9C-11D5-97B5-0050046C5995}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{2292E927-BD89-40DE-999A-4E72CE0EAA4F}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{23206367-662A-402D-932C-D21797E2CE4F}" refers to invalid object "blank". Action Taken: No Action Taken.

Wandrille

09-05-2005, 02:56 PM

Entry "HKCR\TypeLib\{2DBDEE9B-56B8-4E14-8A48-D20C64AAA673}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{307DE02D-679A-49B9-B582-6E623BE9386F}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{3193995F-1AC8-11D4-80CC-00C04FA03755}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{31C9D71D-9424-420B-91F8-CBA3274C4EE6}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{3ABF9055-667E-4FDF-ADDA-2622E8677CBC}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{3C2E74A0-887E-11D2-B40A-00600831DD76}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{467BB16A-7CAA-4119-AD5E-5B6B0697CDFB}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{4C78B9E2-A887-11D1-B4FF-0060085C418E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{54CC4A82-E256-4AB1-BA85-F8FF36619969}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{586C6565-AEDF-4837-A1B2-9E98EB4BD8AD}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{58CEFAA6-4C08-4E60-A04B-84025DB58CAA}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{5C15D2EF-34AB-48FC-876C-3A64961E10C1}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{619CC2FB-8E44-45CC-B74C-008283DD0494}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{68786388-3E7A-4E69-BDB4-814A1EEB1C0D}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{6EE45698-21BA-420D-AD40-1B547699BEFB}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{6F3F3EF2-AA93-487B-A25C-BD67735E53B9}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{6F541E98-7CE7-424D-8C2C-396A4EABB7C6}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{703E066B-FD29-47B3-88D9-76952343323B}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{731B9F1D-5496-45D5-BCBF-4071980A1E08}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{7686FC4B-EA6F-11D5-823E-00C04FA03755}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{770865B9-37AD-48CA-B91B-15E9C90E29C1}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{7AF322C5-AB43-11D4-A00B-0050DA18DE71}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{7C1B9D8B-2B5F-41B2-95F7-DE2C5BD594EC}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{80A4726F-A80B-4B46-A70E-9913BF8B60B1}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{852C26A8-5C40-4EFB-9D81-096B21BF9D81}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{85C0BBA2-ECA7-11D4-8187-00C04FA03755}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{85C3308C-2961-483C-A348-4736C11D4459}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{873EFD18-33BC-4E25-921F-EBD42EB51126}" refers to invalid object "D:\Crossfire.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{88734681-FCB2-11D2-B9D2-00C04FAC114C}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{89988AA7-41CF-4AA0-853B-977665F71665}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{8A934650-3A3D-11D3-A2D4-005004184DF1}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{915AB318-313C-42A2-AFAE-4F25EE297831}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{9275E229-718E-4A2D-8EE0-10C5AA524C22}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{9484A729-674E-4D8A-BC0A-0595F4722960}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{95117066-315E-4CAE-BE3D-E7897D3F98BC}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{989E6670-3798-4C35-AA11-EB4E18F404C4}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{A10D8738-B424-49F5-AE07-682C60F77D12}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{A197D5E6-43B4-11D4-80F3-00C04FA03755}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{B2F43A60-3CD5-49C1-96B2-A6D32F88A191}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{B49A05AC-6A28-4A4A-93E5-B042399AEC4A}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{B5502CC6-85A0-4A11-AB3B-036B1FDA2B9B}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{B65DA8BE-C11A-44C5-A1CF-10F0CE5FBEF6}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{BBCDD0C6-C6B0-4E1F-98BB-530B10A77D39}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{BE2DF74C-BDC0-4411-9641-4B811B82A3AF}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{BE44896C-EB38-11D5-823F-00C04FA03755}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{BFC07EE1-0EFF-11D4-AE9A-0000E88EB84F}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{C4F7D7B1-0E6F-4A59-AF23-5C8B93719676}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{CD4E67C1-F4F4-4646-845E-AEAE188A261A}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{CD50D2CB-3651-4CE3-B274-29BACB7C5EFD}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{D0FB5093-C2F0-4280-AAC9-3C35C6980FD8}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{D323F395-AA30-4DF9-A379-2F3F4819AB00}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{D3470F50-AB2B-40B4-B75E-057BB3487550}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{D6D80D13-633A-444C-9829-4A3013D7FFBB}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{D935DFEC-4546-4119-94D5-91807C7BB363}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DA2FAE70-6518-4700-A264-3500A380F695}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DCB43485-19FB-4D6D-BB3D-73C7F48D5F00}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E3C1ECE8-6E1F-4600-9A2F-C153F83484E0}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E86F5307-002B-49A2-89C4-0784C44052C4}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{ECAD18F1-CA65-11D6-8A1B-00E029570A3E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{F0F69A8F-9388-4EEE-9977-BD8AB18C5733}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{F3435EBB-ADE5-4FD0-88FE-05704DAA4FD0}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{F4273C50-9AD7-41CD-8B4A-3108B9ADF6EF}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{F99B46D1-9DE1-432B-8E89-D1D751341F8C}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{F9D542CE-FFD5-44DD-A6C8-387338103AE9}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{FD70CE63-FCFE-4CE0-9D44-E6D16B3B3D00}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{FF6CDD09-7018-4AB0-8C15-B29A8F1DE60F}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\.frg" refers to invalid object "Access.Fragment". Action Taken: No Action Taken.
Entry "HKCR\AccDictionary.DCS2_SaveOptions.3" refers to invalid object "{70040E23-A058-4B48-02EF-976BC0799144}". Action Taken: No Action Taken.
Entry "HKCR\Access.Chain.3" refers to invalid object "{4C3CE991-4BA4-D645-3F82-5DBBEF9B1BC1}". Action Taken: No Action Taken.
Entry "HKCR\acidmusic5\shell\open\command" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\ADODB.adbanner.1" refers to invalid object "{A0D1C53D-1358-24C1-8DE8-E797ABA433F6}". Action Taken: No Action Taken.
Entry "HKCR\ADODB.ComponentTypes.1" refers to invalid object "{FEFF83B9-28BF-348C-0BD1-3336F044214F}". Action Taken: No Action Taken.
Entry "HKCR\Advanced Authoring Format File\shell\open\command" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\AfterEffects.Favorites\shell\open\command" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\AOLCoach.TrainerOCXCtrl.10" refers to invalid object "{E04EAE82-14AD-41CB-BF5A-45556ABB8347}". Action Taken: No Action Taken.
Entry "HKCR\callto\shell\open\command" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CoachDM.WebCoachDownload" refers to invalid object "{E04EAE82-14AD-41CB-BF5A-45556ABB8347}". Action Taken: No Action Taken.
Entry "HKCR\CoachDM.WebCoachDownload.1" refers to invalid object "{E04EAE82-14AD-41CB-BF5A-45556ABB8347}". Action Taken: No Action Taken.

Wandrille

09-05-2005, 02:57 PM

Entry "HKCR\MacromediaFlashPaper.MacromediaFlashPaper\she ll\open\command" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\Navbho.CNavExtBho" refers to invalid object "{BDF3E430-B101-42AD-A544-FADC6B084872}". Action Taken: No Action Taken.
Entry "HKCR\Navbho.CNavExtBho.1" refers to invalid object "{BDF3E430-B101-42AD-A544-FADC6B084872}". Action Taken: No Action Taken.
Entry "HKCR\NavScanFile\shell\open\command" refers to invalid object "C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe "/TASK:%1"". Action Taken: No Action Taken.
Entry "HKCR\Open Media Framework File\shell\open\command" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\PpWebWnd.ppWebWindow" refers to invalid object "{079F4B11-D49B-40d5-9C07-BBB79B03A907}". Action Taken: No Action Taken.
Entry "HKCR\PpWebWnd.ppWebWindow.1" refers to invalid object "{079F4B11-D49B-40d5-9C07-BBB79B03A907}". Action Taken: No Action Taken.
Entry "HKCR\RollerCoaster TycoonFile0\shell\open\command" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\RollerCoaster TycoonFile1\shell\open\command" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\RollerCoaster TycoonFile2\shell\open\command" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\RollerCoaster TycoonFile3\shell\open\command" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\wareo\shell\open\command" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\warep\shell\open\command" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\warez\shell\open\command" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\warezo\shell\open\command" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\warezp\shell\open\command" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\warezq\shell\open\command" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\WMSServer.Server" refers to invalid object "{845FB959-4279-11D2-BF23-00805FBE84A6}". Action Taken: No Action Taken.
Entry "HKCR\WMSServer.Server.9" refers to invalid object "{845FB959-4279-11D2-BF23-00805FBE84A6}". Action Taken: No Action Taken.
File C:\WINDOWS\system32\omhep57r.ini tagged as "not-a-virus:AdWare.Sahat.ao". Action Taken: No Action Taken.
File C:\DOCUME~1\TEMP\LOCALS~1\Temp\mnjytypz.exe infected by "Trojan-Downloader.Win32.Swizzor.co" Virus! Action Taken: No Action Taken.

Wandrille

09-05-2005, 02:58 PM

Logfile of HijackThis v1.99.1
Scan saved at 10:57:57 AM, on 9/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 9.0a\waol.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\America Online 9.0a\shellmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\explorer.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [BaitFlaw] C:\DOCUME~1\TEMP\APPLIC~1\FILEBU~1\multi dale inter.exe
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - [url]http://housecall60.trendmicro.com/housecall/xscan60.cab[/url]
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - [url]http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB[/url]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [url]http://go.microsoft.com/fwlink/?linkid=39204[/url]
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - [url]http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab[/url]
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - [url]http://aolcc.aol.com/computercheckup/qdiagcc.cab[/url]
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - [url]http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab[/url]
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - [url]http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab[/url]
O18 - Protocol: bw+0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} -

Wandrille

09-05-2005, 02:59 PM

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} -

Wandrille

09-05-2005, 02:59 PM

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner -
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Wandrille

09-05-2005, 03:01 PM

sry i forgot to post out the 018's
and my computer seems somewhat better just the pf usage is way too high

Budfred

09-05-2005, 04:43 PM

LOP is still showing in your HJT log and I don't understand why it isn't dead yet... Boot to Safe Mode and use CCleaner again... Then use KillBox with the instructions I posted earlier to kill these:

C:\WINDOWS\system32\omhep57r.ini C:\DOCUME~1\TEMP\LOCALS~1\Temp\mnjytypz.exe
C:\DOCUME~1\TEMP\APPLIC~1\FILEBU~1\multi dale inter.exe

Then try to fix these with HJT...

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKCU\..\Run: C:\DOCUME~1\TEMP\APPLIC~1\FILEBU~1\multi dale inter.exe

Then reboot to Normal mode, if either of those items were not visible in HJT in Safe Mode, run HJT and fix them... If you had to do that, reboot again... Otherwise, just run HJT and get another StartupList Log... [b]Uncheck the option to "List empty sections" and "List also minor sections".... Post that log here...

Wandrille

09-07-2005, 07:11 PM

Logfile of HijackThis v1.99.1
Scan saved at 3:10:30 PM, on 9/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\QuickTime\qttask.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM95\aim.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - [url]http://housecall60.trendmicro.com/housecall/xscan60.cab[/url]
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - [url]http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB[/url]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [url]http://go.microsoft.com/fwlink/?linkid=39204[/url]
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - [url]http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab[/url]
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - [url]http://aolcc.aol.com/computercheckup/qdiagcc.cab[/url]
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - [url]http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab[/url]
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - [url]http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab[/url]
O18 - Protocol: bw+0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-
8876480.dll
O18 - Protocol: bw20 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} -

Wandrille

09-07-2005, 07:11 PM

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} -
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} -
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {82B96A1A-BD26-45C9-920D-CF5BA5FB7686} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe