My System Is Hijacked - Help Me Please

**SimonBendle** · 11-07-2005

MY SYSTEM IS KNACKERED AND IM NOT SURE WHY.
I'VE BEEN RUNNING SPYWARE BLASTER AND AVAST - KNOW ITS HARDLY ABLE TO RUN.

HELP PLEASE.......

Simon

**HJThis** · 12-07-2005

Hello,SimonBendle & Welcome

Start off by having a look here
http://www.d-a-l.com/help/showthread.php?t=15083

do as it is posted there then show us a HijackThis logfile.

HGD

**SimonBendle** · 12-07-2005

Thanks for getting back here it is:-

Logfile of HijackThis v1.99.1
Scan saved at 18:04:28, on 12/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ntzu.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vheob.dll/sp.html#66987
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vheob.dll/sp.html#66987
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\vheob.dll/sp.html#66987
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vheob.dll/sp.html#66987
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vheob.dll/sp.html#66987
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vheob.dll/sp.html#66987
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vheob.dll/sp.html#66987
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: Class - {32D819AE-5E1D-5524-783B-C8993083716B} - C:\WINDOWS\wintj.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {FF52343D-FFCF-6EB3-A181-B08A3DCB6B9A} - C:\WINDOWS\system32\iehp.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [ntzu.exe] C:\WINDOWS\ntzu.exe
O4 - HKLM\..\RunOnce: [syswp.exe] C:\WINDOWS\syswp.exe
O4 - HKLM\..\RunOnce: [javajh32.exe] C:\WINDOWS\system32\javajh32.exe
O4 - HKLM\..\RunOnce: [apiwj.exe] C:\WINDOWS\apiwj.exe
O4 - HKLM\..\RunOnce: [d3ej.exe] C:\WINDOWS\system32\d3ej.exe
O4 - HKLM\..\RunOnce: [ipkd32.exe] C:\WINDOWS\system32\ipkd32.exe
O4 - HKLM\..\RunOnce: [addoa32.exe] C:\WINDOWS\system32\addoa32.exe
O4 - HKLM\..\RunOnce: [crst.exe] C:\WINDOWS\crst.exe
O4 - HKLM\..\RunOnce: [crne32.exe] C:\WINDOWS\crne32.exe
O4 - HKLM\..\RunOnce: [d3ti.exe] C:\WINDOWS\system32\d3ti.exe
O4 - HKLM\..\RunOnce: [sdkdh32.exe] C:\WINDOWS\system32\sdkdh32.exe
O4 - HKLM\..\RunOnce: [appjt32.exe] C:\WINDOWS\appjt32.exe
O4 - HKLM\..\RunOnce: [appdh32.exe] C:\WINDOWS\appdh32.exe
O4 - HKLM\..\RunOnce: [syscg.exe] C:\WINDOWS\system32\syscg.exe
O4 - HKLM\..\RunOnce: [javaqi32.exe] C:\WINDOWS\system32\javaqi32.exe
O4 - HKLM\..\RunOnce: [winqc32.exe] C:\WINDOWS\system32\winqc32.exe
O4 - HKLM\..\RunOnce: [javavx.exe] C:\WINDOWS\javavx.exe
O4 - HKLM\..\RunOnce: [apped32.exe] C:\WINDOWS\system32\apped32.exe
O4 - HKLM\..\RunOnce: [d3kf32.exe] C:\WINDOWS\d3kf32.exe
O4 - HKLM\..\RunOnce: [ntrq.exe] C:\WINDOWS\system32\ntrq.exe
O4 - HKLM\..\RunOnce: [crws.exe] C:\WINDOWS\crws.exe
O4 - HKLM\..\RunOnce: [netcn.exe] C:\WINDOWS\netcn.exe
O4 - HKLM\..\RunOnce: [javaun.exe] C:\WINDOWS\javaun.exe
O4 - HKLM\..\RunOnce: [atlbw32.exe] C:\WINDOWS\atlbw32.exe
O4 - HKLM\..\RunOnce: [ntwb.exe] C:\WINDOWS\ntwb.exe
O4 - HKLM\..\RunOnce: [ieog32.exe] C:\WINDOWS\ieog32.exe
O4 - HKLM\..\RunOnce: [netyk32.exe] C:\WINDOWS\netyk32.exe
O4 - HKLM\..\RunOnce: [addlu32.exe] C:\WINDOWS\addlu32.exe
O4 - HKLM\..\RunOnce: [winmu32.exe] C:\WINDOWS\system32\winmu32.exe
O4 - HKLM\..\RunOnce: [javafn32.exe] C:\WINDOWS\system32\javafn32.exe
O4 - HKLM\..\RunOnce: [mfclq.exe] C:\WINDOWS\system32\mfclq.exe
O4 - HKLM\..\RunOnce: [sdksz.exe] C:\WINDOWS\system32\sdksz.exe
O4 - HKLM\..\RunOnce: [d3ks.exe] C:\WINDOWS\d3ks.exe
O4 - HKLM\..\RunOnce: [ippm.exe] C:\WINDOWS\ippm.exe
O4 - HKLM\..\RunOnce: [windo32.exe] C:\WINDOWS\system32\windo32.exe
O4 - HKLM\..\RunOnce: [apicm32.exe] C:\WINDOWS\system32\apicm32.exe
O4 - HKLM\..\RunOnce: [addaj.exe] C:\WINDOWS\addaj.exe
O4 - HKLM\..\RunOnce: [mseo.exe] C:\WINDOWS\mseo.exe
O4 - HKLM\..\RunOnce: [addis32.exe] C:\WINDOWS\system32\addis32.exe
O4 - HKLM\..\RunOnce: [sysxp32.exe] C:\WINDOWS\system32\sysxp32.exe
O4 - HKLM\..\RunOnce: [iemm32.exe] C:\WINDOWS\iemm32.exe
O4 - HKLM\..\RunOnce: [sysmu32.exe] C:\WINDOWS\sysmu32.exe
O4 - HKLM\..\RunOnce: [appry.exe] C:\WINDOWS\system32\appry.exe
O4 - HKLM\..\RunOnce: [addzy32.exe] C:\WINDOWS\addzy32.exe
O4 - HKLM\..\RunOnce: [winov32.exe] C:\WINDOWS\system32\winov32.exe
O4 - HKLM\..\RunOnce: [addol32.exe] C:\WINDOWS\system32\addol32.exe
O4 - HKLM\..\RunOnce: [mfcsp.exe] C:\WINDOWS\mfcsp.exe
O4 - HKLM\..\RunOnce: [appbq32.exe] C:\WINDOWS\system32\appbq32.exe
O4 - HKLM\..\RunOnce: [sysal32.exe] C:\WINDOWS\sysal32.exe
O4 - HKLM\..\RunOnce: [atlqs.exe] C:\WINDOWS\atlqs.exe
O4 - HKLM\..\RunOnce: [mfcdx.exe] C:\WINDOWS\mfcdx.exe
O4 - HKLM\..\RunOnce: [syscn32.exe] C:\WINDOWS\syscn32.exe
O4 - HKLM\..\RunOnce: [apiyy32.exe] C:\WINDOWS\system32\apiyy32.exe
O4 - HKLM\..\RunOnce: [ntkd.exe] C:\WINDOWS\system32\ntkd.exe
O4 - HKLM\..\RunOnce: [ipld32.exe] C:\WINDOWS\system32\ipld32.exe
O4 - HKLM\..\RunOnce: [netaa32.exe] C:\WINDOWS\netaa32.exe
O4 - HKLM\..\RunOnce: [netnp.exe] C:\WINDOWS\system32\netnp.exe
O4 - HKLM\..\RunOnce: [ipzi32.exe] C:\WINDOWS\ipzi32.exe
O4 - HKLM\..\RunOnce: [apphe32.exe] C:\WINDOWS\apphe32.exe
O4 - HKLM\..\RunOnce: [d3sx32.exe] C:\WINDOWS\d3sx32.exe
O4 - HKLM\..\RunOnce: [d3af.exe] C:\WINDOWS\system32\d3af.exe
O4 - HKLM\..\RunOnce: [crbf.exe] C:\WINDOWS\crbf.exe
O4 - HKLM\..\RunOnce: [addqc32.exe] C:\WINDOWS\system32\addqc32.exe
O4 - HKLM\..\RunOnce: [msid32.exe] C:\WINDOWS\msid32.exe
O4 - HKLM\..\RunOnce: [sdkhs32.exe] C:\WINDOWS\system32\sdkhs32.exe
O4 - HKLM\..\RunOnce: [javaga.exe] C:\WINDOWS\system32\javaga.exe
O4 - HKLM\..\RunOnce: [nthb.exe] C:\WINDOWS\nthb.exe
O4 - HKLM\..\RunOnce: [iefq32.exe] C:\WINDOWS\system32\iefq32.exe
O4 - HKLM\..\RunOnce: [javavd32.exe] C:\WINDOWS\javavd32.exe
O4 - HKLM\..\RunOnce: [msut.exe] C:\WINDOWS\msut.exe
O4 - HKLM\..\RunOnce: [appqp32.exe] C:\WINDOWS\appqp32.exe
O4 - HKLM\..\RunOnce: [syszx.exe] C:\WINDOWS\syszx.exe
O4 - HKLM\..\RunOnce: [sysbj32.exe] C:\WINDOWS\system32\sysbj32.exe
O4 - HKLM\..\RunOnce: [winbz.exe] C:\WINDOWS\system32\winbz.exe
O4 - HKLM\..\RunOnce: [msfd32.exe] C:\WINDOWS\msfd32.exe
O4 - HKLM\..\RunOnce: [atlui32.exe] C:\WINDOWS\system32\atlui32.exe
O4 - HKLM\..\RunOnce: [syssx32.exe] C:\WINDOWS\syssx32.exe
O4 - HKLM\..\RunOnce: [winsf.exe] C:\WINDOWS\winsf.exe
O4 - HKLM\..\RunOnce: [iebg.exe] C:\WINDOWS\system32\iebg.exe
O4 - HKLM\..\RunOnce: [mfcqv32.exe] C:\WINDOWS\mfcqv32.exe
O4 - HKLM\..\RunOnce: [ieko32.exe] C:\WINDOWS\ieko32.exe
O4 - HKLM\..\RunOnce: [sdkpy32.exe] C:\WINDOWS\sdkpy32.exe
O4 - HKLM\..\RunOnce: [apinn32.exe] C:\WINDOWS\system32\apinn32.exe
O4 - HKLM\..\RunOnce: [netnv.exe] C:\WINDOWS\system32\netnv.exe
O4 - HKLM\..\RunOnce: [apiwe.exe] C:\WINDOWS\system32\apiwe.exe
O4 - HKLM\..\RunOnce: [javalt32.exe] C:\WINDOWS\system32\javalt32.exe
O4 - HKLM\..\RunOnce: [netvu32.exe] C:\WINDOWS\system32\netvu32.exe
O4 - HKLM\..\RunOnce: [appuj32.exe] C:\WINDOWS\appuj32.exe
O4 - HKLM\..\RunOnce: [atltr.exe] C:\WINDOWS\atltr.exe
O4 - HKLM\..\RunOnce: [appcz.exe] C:\WINDOWS\system32\appcz.exe
O4 - HKLM\..\RunOnce: [ntrp32.exe] C:\WINDOWS\ntrp32.exe
O4 - HKLM\..\RunOnce: [mfckq32.exe] C:\WINDOWS\mfckq32.exe
O4 - HKLM\..\RunOnce: [sysaf32.exe] C:\WINDOWS\system32\sysaf32.exe
O4 - HKLM\..\RunOnce: [winan.exe] C:\WINDOWS\system32\winan.exe
O4 - HKLM\..\RunOnce: [sysjn.exe] C:\WINDOWS\sysjn.exe
O4 - HKLM\..\RunOnce: [apiyk32.exe] C:\WINDOWS\system32\apiyk32.exe
O4 - HKLM\..\RunOnce: [winlv32.exe] C:\WINDOWS\system32\winlv32.exe
O4 - HKLM\..\RunOnce: [atlqz.exe] C:\WINDOWS\atlqz.exe
O4 - HKLM\..\RunOnce: [apprz32.exe] C:\WINDOWS\system32\apprz32.exe
O4 - HKLM\..\RunOnce: [addfw32.exe] C:\WINDOWS\addfw32.exe
O4 - HKLM\..\RunOnce: [ntow.exe] C:\WINDOWS\ntow.exe
O4 - HKLM\..\RunOnce: [iedt32.exe] C:\WINDOWS\system32\iedt32.exe
O4 - HKLM\..\RunOnce: [javawu32.exe] C:\WINDOWS\javawu32.exe
O4 - HKLM\..\RunOnce: [netmk32.exe] C:\WINDOWS\system32\netmk32.exe
O4 - HKLM\..\RunOnce: [netus.exe] C:\WINDOWS\system32\netus.exe
O4 - HKLM\..\RunOnce: [apius.exe] C:\WINDOWS\system32\apius.exe
O4 - HKLM\..\RunOnce: [crkp32.exe] C:\WINDOWS\crkp32.exe
O4 - HKLM\..\RunOnce: [ntco.exe] C:\WINDOWS\ntco.exe
O4 - HKLM\..\RunOnce: [atlbd32.exe] C:\WINDOWS\atlbd32.exe
O4 - HKLM\..\RunOnce: [sysrt32.exe] C:\WINDOWS\system32\sysrt32.exe
O4 - HKLM\..\RunOnce: [winzb.exe] C:\WINDOWS\system32\winzb.exe
O4 - HKLM\..\RunOnce: [ieab.exe] C:\WINDOWS\ieab.exe
O4 - HKLM\..\RunOnce: [mfcpy32.exe] C:\WINDOWS\system32\mfcpy32.exe
O4 - HKLM\..\RunOnce: [winhz32.exe] C:\WINDOWS\system32\winhz32.exe
O4 - HKLM\..\RunOnce: [d3yp32.exe] C:\WINDOWS\d3yp32.exe
O4 - HKLM\..\RunOnce: [msfx.exe] C:\WINDOWS\msfx.exe
O4 - HKLM\..\RunOnce: [crgx.exe] C:\WINDOWS\system32\crgx.exe
O4 - HKLM\..\RunOnce: [adddm.exe] C:\WINDOWS\adddm.exe
O4 - HKLM\..\RunOnce: [ielb32.exe] C:\WINDOWS\ielb32.exe
O4 - HKLM\..\RunOnce: [wineu.exe] C:\WINDOWS\system32\wineu.exe
O4 - HKLM\..\RunOnce: [winze.exe] C:\WINDOWS\winze.exe
O4 - HKLM\..\RunOnce: [mfcrf32.exe] C:\WINDOWS\mfcrf32.exe
O4 - HKLM\..\RunOnce: [crmq32.exe] C:\WINDOWS\crmq32.exe
O4 - HKLM\..\RunOnce: [sdkvr.exe] C:\WINDOWS\sdkvr.exe
O4 - HKLM\..\RunOnce: [sdkbn32.exe] C:\WINDOWS\sdkbn32.exe
O4 - HKLM\..\RunOnce: [sdkpk32.exe] C:\WINDOWS\sdkpk32.exe
O4 - HKLM\..\RunOnce: [javaps32.exe] C:\WINDOWS\system32\javaps32.exe
O4 - HKLM\..\RunOnce: [d3uw.exe] C:\WINDOWS\system32\d3uw.exe
O4 - HKLM\..\RunOnce: [crdx32.exe] C:\WINDOWS\system32\crdx32.exe
O4 - HKLM\..\RunOnce: [ipbm32.exe] C:\WINDOWS\ipbm32.exe
O4 - HKLM\..\RunOnce: [mswy.exe] C:\WINDOWS\mswy.exe
O4 - HKLM\..\RunOnce: [javaak.exe] C:\WINDOWS\system32\javaak.exe
O4 - HKLM\..\RunOnce: [winpz32.exe] C:\WINDOWS\winpz32.exe
O4 - HKLM\..\RunOnce: [atlfg.exe] C:\WINDOWS\atlfg.exe
O4 - HKLM\..\RunOnce: [syseu.exe] C:\WINDOWS\system32\syseu.exe
O4 - HKLM\..\RunOnce: [ipsy32.exe] C:\WINDOWS\ipsy32.exe
O4 - HKLM\..\RunOnce: [javajg.exe] C:\WINDOWS\javajg.exe
O4 - HKLM\..\RunOnce: [msjr32.exe] C:\WINDOWS\system32\msjr32.exe
O4 - HKLM\..\RunOnce: [d3wl.exe] C:\WINDOWS\d3wl.exe
O4 - HKLM\..\RunOnce: [d3qw32.exe] C:\WINDOWS\system32\d3qw32.exe
O4 - HKLM\..\RunOnce: [msym32.exe] C:\WINDOWS\system32\msym32.exe
O4 - HKLM\..\RunOnce: [windq.exe] C:\WINDOWS\windq.exe
O4 - HKLM\..\RunOnce: [ieer32.exe] C:\WINDOWS\system32\ieer32.exe
O4 - HKLM\..\RunOnce: [netnx.exe] C:\WINDOWS\system32\netnx.exe
O4 - HKLM\..\RunOnce: [crcm32.exe] C:\WINDOWS\crcm32.exe
O4 - HKLM\..\RunOnce: [atlxx32.exe] C:\WINDOWS\system32\atlxx32.exe
O4 - HKLM\..\RunOnce: [wingy.exe] C:\WINDOWS\wingy.exe
O4 - HKLM\..\RunOnce: [addar32.exe] C:\WINDOWS\addar32.exe
O4 - HKLM\..\RunOnce: [addiz32.exe] C:\WINDOWS\system32\addiz32.exe
O4 - HKLM\..\RunOnce: [mfcne32.exe] C:\WINDOWS\system32\mfcne32.exe
O4 - HKLM\..\RunOnce: [msnm.exe] C:\WINDOWS\msnm.exe
O4 - HKLM\..\RunOnce: [sdkrq.exe] C:\WINDOWS\system32\sdkrq.exe
O4 - HKLM\..\RunOnce: [sysgn32.exe] C:\WINDOWS\sysgn32.exe
O4 - HKLM\..\RunOnce: [appwu.exe] C:\WINDOWS\appwu.exe
O4 - HKLM\..\RunOnce: [ipay32.exe] C:\WINDOWS\system32\ipay32.exe
O4 - HKLM\..\RunOnce: [apiqv32.exe] C:\WINDOWS\system32\apiqv32.exe
O4 - HKLM\..\RunOnce: [mfces32.exe] C:\WINDOWS\mfces32.exe
O4 - HKLM\..\RunOnce: [apima32.exe] C:\WINDOWS\apima32.exe
O4 - HKLM\..\RunOnce: [ntrf.exe] C:\WINDOWS\system32\ntrf.exe
O4 - HKLM\..\RunOnce: [addxz.exe] C:\WINDOWS\addxz.exe
O4 - HKLM\..\RunOnce: [iebl.exe] C:\WINDOWS\system32\iebl.exe
O4 - HKLM\..\RunOnce: [atlqa32.exe] C:\WINDOWS\atlqa32.exe
O4 - HKLM\..\RunOnce: [ntum.exe] C:\WINDOWS\system32\ntum.exe
O4 - HKLM\..\RunOnce: [sdkhj32.exe] C:\WINDOWS\system32\sdkhj32.exe
O4 - HKLM\..\RunOnce: [atltc32.exe] C:\WINDOWS\system32\atltc32.exe
O4 - HKLM\..\RunOnce: [sdkwo32.exe] C:\WINDOWS\sdkwo32.exe
O4 - HKLM\..\RunOnce: [d3bs.exe] C:\WINDOWS\system32\d3bs.exe
O4 - HKLM\..\RunOnce: [crja32.exe] C:\WINDOWS\crja32.exe
O4 - HKLM\..\RunOnce: [javaqp32.exe] C:\WINDOWS\system32\javaqp32.exe
O4 - HKLM\..\RunOnce: [cryf32.exe] C:\WINDOWS\system32\cryf32.exe
O4 - HKLM\..\RunOnce: [mfcgt.exe] C:\WINDOWS\mfcgt.exe
O4 - HKLM\..\RunOnce: [sysfj32.exe] C:\WINDOWS\sysfj32.exe
O4 - HKLM\..\RunOnce: [crvy32.exe] C:\WINDOWS\system32\crvy32.exe
O4 - HKLM\..\RunOnce: [d3dg.exe] C:\WINDOWS\d3dg.exe
O4 - HKLM\..\RunOnce: [javaeg.exe] C:\WINDOWS\system32\javaeg.exe
O4 - HKLM\..\RunOnce: [wintw.exe] C:\WINDOWS\wintw.exe
O4 - HKLM\..\RunOnce: [sysce.exe] C:\WINDOWS\system32\sysce.exe
O4 - HKLM\..\RunOnce: [addvx32.exe] C:\WINDOWS\addvx32.exe
O4 - HKLM\..\RunOnce: [crgy32.exe] C:\WINDOWS\system32\crgy32.exe
O4 - HKLM\..\RunOnce: [javadt.exe] C:\WINDOWS\javadt.exe
O4 - HKLM\..\RunOnce: [addjk32.exe] C:\WINDOWS\system32\addjk32.exe
O4 - HKLM\..\RunOnce: [mfcoo.exe] C:\WINDOWS\mfcoo.exe
O4 - HKLM\..\RunOnce: [sdknb32.exe] C:\WINDOWS\sdknb32.exe
O4 - HKLM\..\RunOnce: [sdkme.exe] C:\WINDOWS\sdkme.exe
O4 - HKLM\..\RunOnce: [netwc.exe] C:\WINDOWS\system32\netwc.exe
O4 - HKLM\..\RunOnce: [atlao.exe] C:\WINDOWS\system32\atlao.exe
O4 - HKLM\..\RunOnce: [ntpd32.exe] C:\WINDOWS\ntpd32.exe
O4 - HKLM\..\RunOnce: [mfcim32.exe] C:\WINDOWS\mfcim32.exe
O4 - HKLM\..\RunOnce: [addgk.exe] C:\WINDOWS\system32\addgk.exe
O4 - HKLM\..\RunOnce: [winhk.exe] C:\WINDOWS\winhk.exe
O4 - HKLM\..\RunOnce: [apiwz32.exe] C:\WINDOWS\system32\apiwz32.exe
O4 - HKLM\..\RunOnce: [addjj32.exe] C:\WINDOWS\system32\addjj32.exe
O4 - HKLM\..\RunOnce: [mfcon.exe] C:\WINDOWS\system32\mfcon.exe
O4 - HKLM\..\RunOnce: [appxo32.exe] C:\WINDOWS\system32\appxo32.exe
O4 - HKLM\..\RunOnce: [appdl.exe] C:\WINDOWS\appdl.exe
O4 - HKLM\..\RunOnce: [d3we.exe] C:\WINDOWS\d3we.exe
O4 - HKLM\..\RunOnce: [atlrp.exe] C:\WINDOWS\system32\atlrp.exe
O4 - HKLM\..\RunOnce: [ntbo32.exe] C:\WINDOWS\system32\ntbo32.exe
O4 - HKLM\..\RunOnce: [mfcnk32.exe] C:\WINDOWS\system32\mfcnk32.exe
O4 - HKLM\..\RunOnce: [sysez.exe] C:\WINDOWS\system32\sysez.exe
O4 - HKLM\..\RunOnce: [crid32.exe] C:\WINDOWS\crid32.exe
O4 - HKLM\..\RunOnce: [ipyt.exe] C:\WINDOWS\system32\ipyt.exe
O4 - HKLM\..\RunOnce: [ievy32.exe] C:\WINDOWS\ievy32.exe
O4 - HKLM\..\RunOnce: [sysvg.exe] C:\WINDOWS\sysvg.exe
O4 - HKLM\..\RunOnce: [mfcfe32.exe] C:\WINDOWS\system32\mfcfe32.exe
O4 - HKLM\..\RunOnce: [mswg.exe] C:\WINDOWS\system32\mswg.exe
O4 - HKLM\..\RunOnce: [atltd32.exe] C:\WINDOWS\atltd32.exe
O4 - HKLM\..\RunOnce: [netjl32.exe] C:\WINDOWS\netjl32.exe
O4 - HKLM\..\RunOnce: [mfcep.exe] C:\WINDOWS\mfcep.exe
O4 - HKLM\..\RunOnce: [sysde32.exe] C:\WINDOWS\sysde32.exe
O4 - HKLM\..\RunOnce: [crcu.exe] C:\WINDOWS\system32\crcu.exe
O4 - HKLM\..\RunOnce: [apibj32.exe] C:\WINDOWS\system32\apibj32.exe
O4 - HKLM\..\RunOnce: [addrr32.exe] C:\WINDOWS\addrr32.exe
O4 - HKLM\..\RunOnce: [appzh32.exe] C:\WINDOWS\appzh32.exe
O4 - HKLM\..\RunOnce: [addcz.exe] C:\WINDOWS\addcz.exe
O4 - HKLM\..\RunOnce: [appin.exe] C:\WINDOWS\system32\appin.exe
O4 - HKLM\..\RunOnce: [crns.exe] C:\WINDOWS\crns.exe
O4 - HKLM\..\RunOnce: [cril32.exe] C:\WINDOWS\system32\cril32.exe
O4 - HKLM\..\RunOnce: [addfa.exe] C:\WINDOWS\addfa.exe
O4 - HKLM\..\RunOnce: [mfcpb32.exe] C:\WINDOWS\mfcpb32.exe
O4 - HKLM\..\RunOnce: [sdktn.exe] C:\WINDOWS\sdktn.exe
O4 - HKLM\..\RunOnce: [sdknz32.exe] C:\WINDOWS\sdknz32.exe

**SimonBendle** · 12-07-2005

Sorry it told me I had too many characters so I've split it in three.
O4 - HKLM\..\RunOnce: [javanp32.exe] C:\WINDOWS\system32\javanp32.exe
O4 - HKLM\..\RunOnce: [msat.exe] C:\WINDOWS\system32\msat.exe
O4 - HKLM\..\RunOnce: [d3bt32.exe] C:\WINDOWS\d3bt32.exe
O4 - HKLM\..\RunOnce: [crpq32.exe] C:\WINDOWS\system32\crpq32.exe
O4 - HKLM\..\RunOnce: [d3py32.exe] C:\WINDOWS\d3py32.exe
O4 - HKLM\..\RunOnce: [sysuc.exe] C:\WINDOWS\sysuc.exe
O4 - HKLM\..\RunOnce: [msrz.exe] C:\WINDOWS\msrz.exe
O4 - HKLM\..\RunOnce: [addqv32.exe] C:\WINDOWS\addqv32.exe
O4 - HKLM\..\RunOnce: [syszv.exe] C:\WINDOWS\system32\syszv.exe
O4 - HKLM\..\RunOnce: [msaw32.exe] C:\WINDOWS\msaw32.exe
O4 - HKLM\..\RunOnce: [msot32.exe] C:\WINDOWS\system32\msot32.exe
O4 - HKLM\..\RunOnce: [iewb32.exe] C:\WINDOWS\system32\iewb32.exe
O4 - HKLM\..\RunOnce: [addbf.exe] C:\WINDOWS\addbf.exe
O4 - HKLM\..\RunOnce: [syscf32.exe] C:\WINDOWS\system32\syscf32.exe
O4 - HKLM\..\RunOnce: [sysqc32.exe] C:\WINDOWS\sysqc32.exe
O4 - HKLM\..\RunOnce: [sysys32.exe] C:\WINDOWS\sysys32.exe
O4 - HKLM\..\RunOnce: [appdo.exe] C:\WINDOWS\system32\appdo.exe
O4 - HKLM\..\RunOnce: [addex32.exe] C:\WINDOWS\addex32.exe
O4 - HKLM\..\RunOnce: [winsl.exe] C:\WINDOWS\system32\winsl.exe
O4 - HKLM\..\RunOnce: [addyi.exe] C:\WINDOWS\addyi.exe
O4 - HKLM\..\RunOnce: [javaln.exe] C:\WINDOWS\system32\javaln.exe
O4 - HKLM\..\RunOnce: [appgy.exe] C:\WINDOWS\system32\appgy.exe
O4 - HKLM\..\RunOnce: [javagy32.exe] C:\WINDOWS\javagy32.exe
O4 - HKLM\..\RunOnce: [winvv.exe] C:\WINDOWS\system32\winvv.exe
O4 - HKLM\..\RunOnce: [mfcfo32.exe] C:\WINDOWS\system32\mfcfo32.exe
O4 - HKLM\..\RunOnce: [ipev.exe] C:\WINDOWS\system32\ipev.exe
O4 - HKLM\..\RunOnce: [sdkja.exe] C:\WINDOWS\system32\sdkja.exe
O4 - HKLM\..\RunOnce: [sdkxx32.exe] C:\WINDOWS\sdkxx32.exe
O4 - HKLM\..\RunOnce: [sdkdt32.exe] C:\WINDOWS\system32\sdkdt32.exe
O4 - HKLM\..\RunOnce: [atliq32.exe] C:\WINDOWS\system32\atliq32.exe
O4 - HKLM\..\RunOnce: [javalb32.exe] C:\WINDOWS\system32\javalb32.exe
O4 - HKLM\..\RunOnce: [msqg.exe] C:\WINDOWS\msqg.exe
O4 - HKLM\..\RunOnce: [mslx32.exe] C:\WINDOWS\system32\mslx32.exe
O4 - HKLM\..\RunOnce: [appoj.exe] C:\WINDOWS\appoj.exe
O4 - HKLM\..\RunOnce: [appjd32.exe] C:\WINDOWS\system32\appjd32.exe
O4 - HKLM\..\RunOnce: [atlql32.exe] C:\WINDOWS\system32\atlql32.exe
O4 - HKLM\..\RunOnce: [netvp.exe] C:\WINDOWS\netvp.exe
O4 - HKLM\..\RunOnce: [mfcep32.exe] C:\WINDOWS\system32\mfcep32.exe
O4 - HKLM\..\RunOnce: [mfckm32.exe] C:\WINDOWS\mfckm32.exe
O4 - HKLM\..\RunOnce: [crtu.exe] C:\WINDOWS\crtu.exe
O4 - HKLM\..\RunOnce: [winij32.exe] C:\WINDOWS\system32\winij32.exe
O4 - HKLM\..\RunOnce: [sdkpo.exe] C:\WINDOWS\system32\sdkpo.exe
O4 - HKLM\..\RunOnce: [d3bs32.exe] C:\WINDOWS\system32\d3bs32.exe
O4 - HKLM\..\RunOnce: [atlec32.exe] C:\WINDOWS\system32\atlec32.exe
O4 - HKLM\..\RunOnce: [ntio.exe] C:\WINDOWS\system32\ntio.exe
O4 - HKLM\..\RunOnce: [ntyh.exe] C:\WINDOWS\ntyh.exe
O4 - HKLM\..\RunOnce: [appdj32.exe] C:\WINDOWS\system32\appdj32.exe
O4 - HKLM\..\RunOnce: [ntch32.exe] C:\WINDOWS\system32\ntch32.exe
O4 - HKLM\..\RunOnce: [javaam.exe] C:\WINDOWS\system32\javaam.exe
O4 - HKLM\..\RunOnce: [mfccd32.exe] C:\WINDOWS\mfccd32.exe
O4 - HKLM\..\RunOnce: [ievw32.exe] C:\WINDOWS\ievw32.exe
O4 - HKLM\..\RunOnce: [iedm.exe] C:\WINDOWS\iedm.exe
O4 - HKLM\..\RunOnce: [msem.exe] C:\WINDOWS\msem.exe
O4 - HKLM\..\RunOnce: [syslk32.exe] C:\WINDOWS\syslk32.exe
O4 - HKLM\..\RunOnce: [crbs32.exe] C:\WINDOWS\system32\crbs32.exe
O4 - HKLM\..\RunOnce: [crji.exe] C:\WINDOWS\system32\crji.exe
O4 - HKLM\..\RunOnce: [winzx32.exe] C:\WINDOWS\system32\winzx32.exe
O4 - HKLM\..\RunOnce: [addtr.exe] C:\WINDOWS\system32\addtr.exe
O4 - HKLM\..\RunOnce: [d3sg32.exe] C:\WINDOWS\system32\d3sg32.exe
O4 - HKLM\..\RunOnce: [ntqo32.exe] C:\WINDOWS\ntqo32.exe
O4 - HKLM\..\RunOnce: [sdkqe.exe] C:\WINDOWS\sdkqe.exe
O4 - HKLM\..\RunOnce: [sdkkp32.exe] C:\WINDOWS\system32\sdkkp32.exe
O4 - HKLM\..\RunOnce: [ntzk.exe] C:\WINDOWS\system32\ntzk.exe
O4 - HKLM\..\RunOnce: [atljd32.exe] C:\WINDOWS\system32\atljd32.exe
O4 - HKLM\..\RunOnce: [sdkha.exe] C:\WINDOWS\sdkha.exe
O4 - HKLM\..\RunOnce: [msrt32.exe] C:\WINDOWS\msrt32.exe
O4 - HKLM\..\RunOnce: [winha.exe] C:\WINDOWS\winha.exe
O4 - HKLM\..\RunOnce: [appvn.exe] C:\WINDOWS\appvn.exe
O4 - HKLM\..\RunOnce: [apppy32.exe] C:\WINDOWS\apppy32.exe
O4 - HKLM\..\RunOnce: [atlpo32.exe] C:\WINDOWS\system32\atlpo32.exe
O4 - HKLM\..\RunOnce: [apick.exe] C:\WINDOWS\system32\apick.exe
O4 - HKLM\..\RunOnce: [mfcdt32.exe] C:\WINDOWS\mfcdt32.exe
O4 - HKLM\..\RunOnce: [mfcri32.exe] C:\WINDOWS\system32\mfcri32.exe
O4 - HKLM\..\RunOnce: [mfcry32.exe] C:\WINDOWS\system32\mfcry32.exe
O4 - HKLM\..\RunOnce: [ipwc.exe] C:\WINDOWS\ipwc.exe
O4 - HKLM\..\RunOnce: [netec32.exe] C:\WINDOWS\system32\netec32.exe
O4 - HKLM\..\RunOnce: [apitz.exe] C:\WINDOWS\apitz.exe
O4 - HKLM\..\RunOnce: [netzw.exe] C:\WINDOWS\netzw.exe
O4 - HKLM\..\RunOnce: [iphc32.exe] C:\WINDOWS\iphc32.exe
O4 - HKLM\..\RunOnce: [javamg.exe] C:\WINDOWS\system32\javamg.exe
O4 - HKLM\..\RunOnce: [msuz32.exe] C:\WINDOWS\msuz32.exe
O4 - HKLM\..\RunOnce: [ntth.exe] C:\WINDOWS\system32\ntth.exe
O4 - HKLM\..\RunOnce: [wineo32.exe] C:\WINDOWS\system32\wineo32.exe
O4 - HKLM\..\RunOnce: [appyp32.exe] C:\WINDOWS\appyp32.exe
O4 - HKLM\..\RunOnce: [ipfy.exe] C:\WINDOWS\ipfy.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/u...lorer1_8us.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\SuperCD\IntraLaunch.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole...rcadeRdxIE.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/A...ler/dwnldr.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O18 - Protocol: bw+0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

**SimonBendle** · 12-07-2005

O18 - Protocol: bwf0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

Simon

**HJThis** · 13-07-2005

Hi,SimonBendle

WOW i want to run & hide

now i have some software i need
you to download first then install update them all before we go on
with the fixes.

first

Make sure you can view hidden and system files: Instructions here

again i need for you to install update them all before we goto Safe Mode

Print out these instructions or save them to your desktop as a text file with Notepad because you will be running the fixes in Safe Mode with IE closed.

Prepare CWShredder for use: This is a free stand-alone program from Intermute.

Download CWShredder.
Save CWShredder.exe to a convenient location.
Please do not do anything with it yet.

Prepare AboutBuster for use:
Download the free tool AboutBuster here:
http://malwarebytes.biz/AboutBuster.zip

* Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.

* Navigate to the AboutBuster directory and double-click on AboutBuster.exe.

* Click "OK" at the prompt with instructions.

* Click "Update" and then "Check For Update" to begin the update process.

* If any updates exist please download them by clicking "Download Update".

* You should not run the program yet so click "Exit".

Please download Ewido Security Suite
ewido security suite it is a trial version of the program.

Install ewido security suite
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido, there should be an icon on your desktop double-click it.
The program will prompt you to update click the OK button
The program will now go to the main screen

You will need to update ewido to the latest definition files.

On the left hand side of the main screen click update
Click on Start

The update will start and a progress bar will show the updates being installed.
Once the updates are installed do the following:

Click on scanner
Make sure the following boxes are checked before scanning:
- Archives
Click on Start Scan
Let the program scan the machine

While the scan is in progress you will be prompted to clean files, click OK

Once the scan has completed, there will be a button located on the bottom of the screen named Save report

Click Save report
Save the report to your desktop

do not run it just yet

Download the free tool Hoster from here: http://www.funkytoad.com/download/hoster.zip

Unzip Hoster to a convenient location like your desktop

Then Boot to safe mode: Instructions here

Run CWShredder:

* Double-click on CWShredder.exe.

* Click "Fix ->" and click "OK" at the prompt.

* CWShredder will scan and clean your system of CWS files.

* Click "Next->" and then "Exit".

Run AboutBuster and save the logs:

* Browse to where you saved AboutBuster and run AboutBuster.exe.

* Click OK at the directions prompt.

* Click Start and then OK to run

* Click Yes to allow it to shutdown explorer.exe.

* It will begin to your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.

* When it has finished, click Save Log. We will need you to post a copy of the log after all steps here are finished.

Run Ewido Security Suite with the settings we used above

Now double click on

Press 'Restore Original Hosts' and press 'OK'
Exit Program.
Note: if you were using a custom Hosts file you will need to replace any of those entries yourself

Clean out temporary files:

* Start | Run | type cleanmgr | OK

* Let it scan your system for files to remove.

* Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.

* Click "OK" to remove them.

* Click "Yes" to confirm the deletion.

Additionally, Please check your ActiveX security settings. They may have been changed by this CWS variant to allow ALL ActiveX!! If they have been changed, reset your active x security settings in IE as recommended.

ActiveX controls and plug-ins

* Download signed ActiveX controls (Prompt)
* Download unsigned ActiveX controls (Disable)
* Initialize and script ActiveX controls not marked as safe (Disable)
* Run ActiveX controls and plug-ins (Enabled) (This actually refers to Java and Flash, not ActiveX)
* Script ActiveX controls marked safe for scripting (Prompt)

Restart your computer normally to return to normal mode.

In your next reply:

* Please post a fresh HijackThis log

* Please post the AboutBuster log.

* Please note any complications you had.

HGD

**SimonBendle** · 16-07-2005

Here are the hijack & about logs :-

Logfile of HijackThis v1.99.1
Scan saved at 19:18:10, on 15/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\hijackthis.exe
C:\WINDOWS\notepad.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [javarb32.exe] C:\WINDOWS\system32\javarb32.exe
O4 - HKLM\..\RunOnce: [winqs.exe] C:\WINDOWS\winqs.exe
O4 - HKLM\..\RunOnce: [sdkep32.exe] C:\WINDOWS\sdkep32.exe
O4 - HKLM\..\RunOnce: [atljr.exe] C:\WINDOWS\atljr.exe
O4 - HKLM\..\RunOnce: [crdc.exe] C:\WINDOWS\system32\crdc.exe
O4 - HKLM\..\RunOnce: [netjx32.exe] C:\WINDOWS\system32\netjx32.exe
O4 - HKLM\..\RunOnce: [crtv.exe] C:\WINDOWS\crtv.exe
O4 - HKLM\..\RunOnce: [ielw32.exe] C:\WINDOWS\system32\ielw32.exe
O4 - HKLM\..\RunOnce: [sdkqq.exe] C:\WINDOWS\sdkqq.exe
O4 - HKLM\..\RunOnce: [mfcjh32.exe] C:\WINDOWS\system32\mfcjh32.exe
O4 - HKLM\..\RunOnce: [apieg32.exe] C:\WINDOWS\apieg32.exe
O4 - HKLM\..\RunOnce: [mfcwk32.exe] C:\WINDOWS\system32\mfcwk32.exe
O4 - HKLM\..\RunOnce: [sysbe.exe] C:\WINDOWS\system32\sysbe.exe
O4 - HKLM\..\RunOnce: [winmy.exe] C:\WINDOWS\winmy.exe
O4 - HKLM\..\RunOnce: [cras.exe] C:\WINDOWS\cras.exe
O4 - HKLM\..\RunOnce: [sysww.exe] C:\WINDOWS\system32\sysww.exe
O4 - HKLM\..\RunOnce: [javajy32.exe] C:\WINDOWS\system32\javajy32.exe
O4 - HKLM\..\RunOnce: [apioa32.exe] C:\WINDOWS\system32\apioa32.exe
O4 - HKLM\..\RunOnce: [ntte.exe] C:\WINDOWS\ntte.exe
O4 - HKLM\..\RunOnce: [appgh32.exe] C:\WINDOWS\system32\appgh32.exe
O4 - HKLM\..\RunOnce: [ipiz32.exe] C:\WINDOWS\ipiz32.exe
O4 - HKLM\..\RunOnce: [appvb32.exe] C:\WINDOWS\appvb32.exe
O4 - HKLM\..\RunOnce: [sdkeh.exe] C:\WINDOWS\sdkeh.exe
O4 - HKLM\..\RunOnce: [mfckc32.exe] C:\WINDOWS\mfckc32.exe
O4 - HKLM\..\RunOnce: [ipog.exe] C:\WINDOWS\system32\ipog.exe
O4 - HKLM\..\RunOnce: [addui32.exe] C:\WINDOWS\addui32.exe
O4 - HKLM\..\RunOnce: [mssq.exe] C:\WINDOWS\system32\mssq.exe
O4 - HKLM\..\RunOnce: [ntxs32.exe] C:\WINDOWS\system32\ntxs32.exe
O4 - HKLM\..\RunOnce: [crwz.exe] C:\WINDOWS\system32\crwz.exe
O4 - HKLM\..\RunOnce: [netbt.exe] C:\WINDOWS\netbt.exe
O4 - HKLM\..\RunOnce: [iebb32.exe] C:\WINDOWS\system32\iebb32.exe
O4 - HKLM\..\RunOnce: [sdkgd.exe] C:\WINDOWS\system32\sdkgd.exe
O4 - HKLM\..\RunOnce: [d3yw.exe] C:\WINDOWS\system32\d3yw.exe
O4 - HKLM\..\RunOnce: [ipez.exe] C:\WINDOWS\system32\ipez.exe
O4 - HKLM\..\RunOnce: [adddy.exe] C:\WINDOWS\system32\adddy.exe
O4 - HKLM\..\RunOnce: [cria.exe] C:\WINDOWS\cria.exe
O4 - HKLM\..\RunOnce: [sysee.exe] C:\WINDOWS\sysee.exe
O4 - HKLM\..\RunOnce: [atlxx32.exe] C:\WINDOWS\atlxx32.exe
O4 - HKLM\..\RunOnce: [msqq.exe] C:\WINDOWS\system32\msqq.exe
O4 - HKLM\..\RunOnce: [mfcrz.exe] C:\WINDOWS\system32\mfcrz.exe
O4 - HKLM\..\RunOnce: [d3lk.exe] C:\WINDOWS\d3lk.exe
O4 - HKLM\..\RunOnce: [sdkaz.exe] C:\WINDOWS\sdkaz.exe
O4 - HKLM\..\RunOnce: [mfcls32.exe] C:\WINDOWS\mfcls32.exe
O4 - HKLM\..\RunOnce: [apied.exe] C:\WINDOWS\system32\apied.exe
O4 - HKLM\..\RunOnce: [javaih.exe] C:\WINDOWS\system32\javaih.exe
O4 - HKLM\..\RunOnce: [msti32.exe] C:\WINDOWS\system32\msti32.exe
O4 - HKLM\..\RunOnce: [addjq.exe] C:\WINDOWS\system32\addjq.exe
O4 - HKLM\..\RunOnce: [apinu32.exe] C:\WINDOWS\apinu32.exe
O4 - HKLM\..\RunOnce: [appwu.exe] C:\WINDOWS\system32\appwu.exe
O4 - HKLM\..\RunOnce: [atlcr32.exe] C:\WINDOWS\atlcr32.exe
O4 - HKLM\..\RunOnce: [appro32.exe] C:\WINDOWS\system32\appro32.exe
O4 - HKLM\..\RunOnce: [msvk32.exe] C:\WINDOWS\system32\msvk32.exe
O4 - HKLM\..\RunOnce: [atlqw32.exe] C:\WINDOWS\system32\atlqw32.exe
O4 - HKLM\..\RunOnce: [netda.exe] C:\WINDOWS\netda.exe
O4 - HKLM\..\RunOnce: [apiea32.exe] C:\WINDOWS\system32\apiea32.exe
O4 - HKLM\..\RunOnce: [mfcsx32.exe] C:\WINDOWS\mfcsx32.exe
O4 - HKLM\..\RunOnce: [sysxt32.exe] C:\WINDOWS\sysxt32.exe
O4 - HKLM\..\RunOnce: [apisf32.exe] C:\WINDOWS\apisf32.exe
O4 - HKLM\..\RunOnce: [ntxj.exe] C:\WINDOWS\system32\ntxj.exe
O4 - HKLM\..\RunOnce: [ipgk32.exe] C:\WINDOWS\ipgk32.exe
O4 - HKLM\..\RunOnce: [netuh.exe] C:\WINDOWS\system32\netuh.exe
O4 - HKLM\..\RunOnce: [ipad.exe] C:\WINDOWS\system32\ipad.exe
O4 - HKLM\..\RunOnce: [winoa.exe] C:\WINDOWS\winoa.exe
O4 - HKLM\..\RunOnce: [ntal.exe] C:\WINDOWS\system32\ntal.exe
O4 - HKLM\..\RunOnce: [apipa.exe] C:\WINDOWS\system32\apipa.exe
O4 - HKLM\..\RunOnce: [winit32.exe] C:\WINDOWS\winit32.exe
O4 - HKLM\..\RunOnce: [addtm.exe] C:\WINDOWS\system32\addtm.exe
O4 - HKLM\..\RunOnce: [netxi.exe] C:\WINDOWS\system32\netxi.exe
O4 - HKLM\..\RunOnce: [sdkhj32.exe] C:\WINDOWS\system32\sdkhj32.exe
O4 - HKLM\..\RunOnce: [msgr.exe] C:\WINDOWS\system32\msgr.exe
O4 - HKLM\..\RunOnce: [addcv32.exe] C:\WINDOWS\system32\addcv32.exe
O4 - HKLM\..\RunOnce: [ielv.exe] C:\WINDOWS\system32\ielv.exe
O4 - HKLM\..\RunOnce: [ipub.exe] C:\WINDOWS\ipub.exe
O4 - HKLM\..\RunOnce: [addtr32.exe] C:\WINDOWS\addtr32.exe
O4 - HKLM\..\RunOnce: [msjg.exe] C:\WINDOWS\system32\msjg.exe
O4 - HKLM\..\RunOnce: [ntiw32.exe] C:\WINDOWS\ntiw32.exe
O4 - HKLM\..\RunOnce: [mfcgl32.exe] C:\WINDOWS\system32\mfcgl32.exe
O4 - HKLM\..\RunOnce: [apigt.exe] C:\WINDOWS\system32\apigt.exe
O4 - HKLM\..\RunOnce: [atlpu.exe] C:\WINDOWS\atlpu.exe
O4 - HKLM\..\RunOnce: [sdkej32.exe] C:\WINDOWS\system32\sdkej32.exe
O4 - HKLM\..\RunOnce: [d3uq32.exe] C:\WINDOWS\system32\d3uq32.exe
O4 - HKLM\..\RunOnce: [javapc.exe] C:\WINDOWS\javapc.exe
O4 - HKLM\..\RunOnce: [apios32.exe] C:\WINDOWS\apios32.exe
O4 - HKLM\..\RunOnce: [addnz32.exe] C:\WINDOWS\system32\addnz32.exe
O4 - HKLM\..\RunOnce: [appmp.exe] C:\WINDOWS\appmp.exe
O4 - HKLM\..\RunOnce: [winvp.exe] C:\WINDOWS\system32\winvp.exe
O4 - HKLM\..\RunOnce: [netlf32.exe] C:\WINDOWS\netlf32.exe
O4 - HKLM\..\RunOnce: [javabm32.exe] C:\WINDOWS\system32\javabm32.exe
O4 - HKLM\..\RunOnce: [ipey.exe] C:\WINDOWS\system32\ipey.exe
O4 - HKLM\..\RunOnce: [appdn32.exe] C:\WINDOWS\system32\appdn32.exe
O4 - HKLM\..\RunOnce: [ietv32.exe] C:\WINDOWS\ietv32.exe
O4 - HKLM\..\RunOnce: [sysbl.exe] C:\WINDOWS\sysbl.exe
O4 - HKLM\..\RunOnce: [mscl.exe] C:\WINDOWS\system32\mscl.exe
O4 - HKLM\..\RunOnce: [atlra32.exe] C:\WINDOWS\atlra32.exe
O4 - HKLM\..\RunOnce: [ippi32.exe] C:\WINDOWS\ippi32.exe
O4 - HKLM\..\RunOnce: [apikt.exe] C:\WINDOWS\apikt.exe
O4 - HKLM\..\RunOnce: [sysjj32.exe] C:\WINDOWS\sysjj32.exe
O4 - HKLM\..\RunOnce: [crar.exe] C:\WINDOWS\system32\crar.exe
O4 - HKLM\..\RunOnce: [netzg32.exe] C:\WINDOWS\system32\netzg32.exe
O4 - HKLM\..\RunOnce: [appxw32.exe] C:\WINDOWS\appxw32.exe
O4 - HKLM\..\RunOnce: [appxe32.exe] C:\WINDOWS\appxe32.exe
O4 - HKLM\..\RunOnce: [ipge32.exe] C:\WINDOWS\system32\ipge32.exe
O4 - HKLM\..\RunOnce: [wingm.exe] C:\WINDOWS\system32\wingm.exe
O4 - HKLM\..\RunOnce: [d3kq.exe] C:\WINDOWS\system32\d3kq.exe
O4 - HKLM\..\RunOnce: [mfcec.exe] C:\WINDOWS\system32\mfcec.exe
O4 - HKLM\..\RunOnce: [addur.exe] C:\WINDOWS\addur.exe
O4 - HKLM\..\RunOnce: [d3ek32.exe] C:\WINDOWS\d3ek32.exe
O4 - HKLM\..\RunOnce: [ieyv.exe] C:\WINDOWS\system32\ieyv.exe
O4 - HKLM\..\RunOnce: [appuz.exe] C:\WINDOWS\system32\appuz.exe
O4 - HKLM\..\RunOnce: [netma32.exe] C:\WINDOWS\system32\netma32.exe
O4 - HKLM\..\RunOnce: [sdkch.exe] C:\WINDOWS\system32\sdkch.exe
O4 - HKLM\..\RunOnce: [msgl32.exe] C:\WINDOWS\msgl32.exe
O4 - HKLM\..\RunOnce: [crqm.exe] C:\WINDOWS\system32\crqm.exe
O4 - HKLM\..\RunOnce: [d3wi32.exe] C:\WINDOWS\system32\d3wi32.exe
O4 - HKLM\..\RunOnce: [crkf32.exe] C:\WINDOWS\system32\crkf32.exe
O4 - HKLM\..\RunOnce: [apipc32.exe] C:\WINDOWS\system32\apipc32.exe
O4 - HKLM\..\RunOnce: [d3kn32.exe] C:\WINDOWS\d3kn32.exe
O4 - HKLM\..\RunOnce: [sysps.exe] C:\WINDOWS\sysps.exe
O4 - HKLM\..\RunOnce: [sysrj32.exe] C:\WINDOWS\system32\sysrj32.exe
O4 - HKLM\..\RunOnce: [appiq.exe] C:\WINDOWS\system32\appiq.exe
O4 - HKLM\..\RunOnce: [iplu32.exe] C:\WINDOWS\iplu32.exe
O4 - HKLM\..\RunOnce: [mfcvv.exe] C:\WINDOWS\system32\mfcvv.exe
O4 - HKLM\..\RunOnce: [apibr32.exe] C:\WINDOWS\apibr32.exe
O4 - HKLM\..\RunOnce: [mfcpo32.exe] C:\WINDOWS\system32\mfcpo32.exe
O4 - HKLM\..\RunOnce: [ieul32.exe] C:\WINDOWS\system32\ieul32.exe
O4 - HKLM\..\RunOnce: [apipw32.exe] C:\WINDOWS\system32\apipw32.exe
O4 - HKLM\..\RunOnce: [ntub.exe] C:\WINDOWS\ntub.exe
O4 - HKLM\..\RunOnce: [netdb32.exe] C:\WINDOWS\system32\netdb32.exe
O4 - HKLM\..\RunOnce: [netry32.exe] C:\WINDOWS\netry32.exe
O4 - HKLM\..\RunOnce: [winwu32.exe] C:\WINDOWS\winwu32.exe
O4 - HKLM\..\RunOnce: [iprg32.exe] C:\WINDOWS\iprg32.exe
O4 - HKLM\..\RunOnce: [javawk.exe] C:\WINDOWS\system32\javawk.exe
O4 - HKLM\..\RunOnce: [ntek32.exe] C:\WINDOWS\ntek32.exe
O4 - HKLM\..\RunOnce: [ntth.exe] C:\WINDOWS\system32\ntth.exe
O4 - HKLM\..\RunOnce: [ntze.exe] C:\WINDOWS\system32\ntze.exe
O4 - HKLM\..\RunOnce: [addea.exe] C:\WINDOWS\system32\addea.exe
O4 - HKLM\..\RunOnce: [sdkym.exe] C:\WINDOWS\system32\sdkym.exe
O4 - HKLM\..\RunOnce: [netob.exe] C:\WINDOWS\system32\netob.exe
O4 - HKLM\..\RunOnce: [appyu32.exe] C:\WINDOWS\appyu32.exe
O4 - HKLM\..\RunOnce: [atlsf.exe] C:\WINDOWS\system32\atlsf.exe
O4 - HKLM\..\RunOnce: [ipwj.exe] C:\WINDOWS\system32\ipwj.exe
O4 - HKLM\..\RunOnce: [crgk32.exe] C:\WINDOWS\system32\crgk32.exe
O4 - HKLM\..\RunOnce: [iewr.exe] C:\WINDOWS\system32\iewr.exe
O4 - HKLM\..\RunOnce: [atlav32.exe] C:\WINDOWS\system32\atlav32.exe
O4 - HKLM\..\RunOnce: [winkw.exe] C:\WINDOWS\system32\winkw.exe
O4 - HKLM\..\RunOnce: [addqs32.exe] C:\WINDOWS\system32\addqs32.exe
O4 - HKLM\..\RunOnce: [winep32.exe] C:\WINDOWS\winep32.exe
O4 - HKLM\..\RunOnce: [javajm32.exe] C:\WINDOWS\system32\javajm32.exe
O4 - HKLM\..\RunOnce: [addex32.exe] C:\WINDOWS\addex32.exe
O4 - HKLM\..\RunOnce: [mfcrc.exe] C:\WINDOWS\system32\mfcrc.exe
O4 - HKLM\..\RunOnce: [apprc32.exe] C:\WINDOWS\apprc32.exe
O4 - HKLM\..\RunOnce: [appgz32.exe] C:\WINDOWS\system32\appgz32.exe
O4 - HKLM\..\RunOnce: [ipqx.exe] C:\WINDOWS\ipqx.exe
O4 - HKLM\..\RunOnce: [javajy.exe] C:\WINDOWS\javajy.exe
O4 - HKLM\..\RunOnce: [mfcay32.exe] C:\WINDOWS\mfcay32.exe
O4 - HKLM\..\RunOnce: [cron.exe] C:\WINDOWS\cron.exe
O4 - HKLM\..\RunOnce: [msnu32.exe] C:\WINDOWS\system32\msnu32.exe
O4 - HKLM\..\RunOnce: [ipzw32.exe] C:\WINDOWS\system32\ipzw32.exe
O4 - HKLM\..\RunOnce: [ntge32.exe] C:\WINDOWS\ntge32.exe
O4 - HKLM\..\RunOnce: [msqe32.exe] C:\WINDOWS\system32\msqe32.exe
O4 - HKLM\..\RunOnce: [apiqe32.exe] C:\WINDOWS\apiqe32.exe
O4 - HKLM\..\RunOnce: [d3lq32.exe] C:\WINDOWS\system32\d3lq32.exe
O4 - HKLM\..\RunOnce: [sysqu.exe] C:\WINDOWS\system32\sysqu.exe
O4 - HKLM\..\RunOnce: [mszu32.exe] C:\WINDOWS\mszu32.exe
O4 - HKLM\..\RunOnce: [msnr.exe] C:\WINDOWS\system32\msnr.exe
O4 - HKLM\..\RunOnce: [msto.exe] C:\WINDOWS\system32\msto.exe
O4 - HKLM\..\RunOnce: [ipgk.exe] C:\WINDOWS\ipgk.exe
O4 - HKLM\..\RunOnce: [ietw.exe] C:\WINDOWS\system32\ietw.exe
O4 - HKLM\..\RunOnce: [cril.exe] C:\WINDOWS\system32\cril.exe
O4 - HKLM\..\RunOnce: [ipae32.exe] C:\WINDOWS\ipae32.exe
O4 - HKLM\..\RunOnce: [ntmx.exe] C:\WINDOWS\ntmx.exe
O4 - HKLM\..\RunOnce: [d3qt.exe] C:\WINDOWS\system32\d3qt.exe
O4 - HKLM\..\RunOnce: [winau32.exe] C:\WINDOWS\winau32.exe
O4 - HKLM\..\RunOnce: [atlzb.exe] C:\WINDOWS\system32\atlzb.exe
O4 - HKLM\..\RunOnce: [ntuf32.exe] C:\WINDOWS\system32\ntuf32.exe
O4 - HKLM\..\RunOnce: [apieg.exe] C:\WINDOWS\system32\apieg.exe
O4 - HKLM\..\RunOnce: [netsc32.exe] C:\WINDOWS\system32\netsc32.exe
O4 - HKLM\..\RunOnce: [apiyz32.exe] C:\WINDOWS\apiyz32.exe
O4 - HKLM\..\RunOnce: [windw32.exe] C:\WINDOWS\system32\windw32.exe
O4 - HKLM\..\RunOnce: [ntde.exe] C:\WINDOWS\system32\ntde.exe
O4 - HKLM\..\RunOnce: [apihi.exe] C:\WINDOWS\system32\apihi.exe
O4 - HKLM\..\RunOnce: [javawf32.exe] C:\WINDOWS\javawf32.exe
O4 - HKLM\..\RunOnce: [ieum.exe] C:\WINDOWS\ieum.exe
O4 - HKLM\..\RunOnce: [appqq32.exe] C:\WINDOWS\appqq32.exe
O4 - HKLM\..\RunOnce: [sysar.exe] C:\WINDOWS\sysar.exe
O4 - HKLM\..\RunOnce: [winon32.exe] C:\WINDOWS\winon32.exe
O4 - HKLM\..\RunOnce: [sysuc32.exe] C:\WINDOWS\sysuc32.exe
O4 - HKLM\..\RunOnce: [javazh32.exe] C:\WINDOWS\javazh32.exe
O4 - HKLM\..\RunOnce: [wincs32.exe] C:\WINDOWS\system32\wincs32.exe
O4 - HKLM\..\RunOnce: [iemr.exe] C:\WINDOWS\system32\iemr.exe
O4 - HKLM\..\RunOnce: [atlbo32.exe] C:\WINDOWS\atlbo32.exe
O4 - HKLM\..\RunOnce: [ipav.exe] C:\WINDOWS\ipav.exe
O4 - HKLM\..\RunOnce: [crwr32.exe] C:\WINDOWS\system32\crwr32.exe
O4 - HKLM\..\RunOnce: [ntlj32.exe] C:\WINDOWS\system32\ntlj32.exe
O4 - HKLM\..\RunOnce: [msvf.exe] C:\WINDOWS\msvf.exe
O4 - HKLM\..\RunOnce: [ntfa.exe] C:\WINDOWS\ntfa.exe
O4 - HKLM\..\RunOnce: [sdkto32.exe] C:\WINDOWS\system32\sdkto32.exe
O4 - HKLM\..\RunOnce: [sdkzl32.exe] C:\WINDOWS\sdkzl32.exe
O4 - HKLM\..\RunOnce: [atleq32.exe] C:\WINDOWS\atleq32.exe
O4 - HKLM\..\RunOnce: [netrs32.exe] C:\WINDOWS\system32\netrs32.exe
O4 - HKLM\..\RunOnce: [addxm.exe] C:\WINDOWS\addxm.exe
O4 - HKLM\..\RunOnce: [sdkhb32.exe] C:\WINDOWS\sdkhb32.exe
O4 - HKLM\..\RunOnce: [d3mg.exe] C:\WINDOWS\system32\d3mg.exe
O4 - HKLM\..\RunOnce: [crvg32.exe] C:\WINDOWS\crvg32.exe
O4 - HKLM\..\RunOnce: [javabd32.exe] C:\WINDOWS\system32\javabd32.exe
O4 - HKLM\..\RunOnce: [apigz32.exe] C:\WINDOWS\system32\apigz32.exe
O4 - HKLM\..\RunOnce: [crjl32.exe] C:\WINDOWS\system32\crjl32.exe
O4 - HKLM\..\RunOnce: [ieop.exe] C:\WINDOWS\ieop.exe
O4 - HKLM\..\RunOnce: [mspp32.exe] C:\WINDOWS\system32\mspp32.exe
O4 - HKLM\..\RunOnce: [d3dm.exe] C:\WINDOWS\d3dm.exe
O4 - HKLM\..\RunOnce: [sysnz32.exe] C:\WINDOWS\sysnz32.exe
O4 - HKLM\..\RunOnce: [appbf.exe] C:\WINDOWS\system32\appbf.exe
O4 - HKLM\..\RunOnce: [atlze.exe] C:\WINDOWS\atlze.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/u...lorer1_8us.cab

**SimonBendle** · 16-07-2005

part 2 of hijack:-

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\SuperCD\IntraLaunch.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole...rcadeRdxIE.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/A...ler/dwnldr.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O18 - Protocol: bw+0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {2DA82EE9-522F-47E9-AAE5-A434AFBF4445} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe