Please help :)

  1. #1
    Twan is offline Newbie

    Please help :)

    I am having a gazillion pop ups for "security" software. So much that browsing the internet is a disaster.

    Below is my HJT log.
    I downloaded and ran the spybot program (removed everything it found)
    I downloaded and ran the newest adaware program (removed everything it found)
    I then downloaded and ran the AVG virus program (which ran for 12 hours and I "healed" everything it found)
    So then, (I believe) I installed the latest HJT and here is the log.

    As always, you guys are the best!

    Logfile of HijackThis v1.99.1
    Scan saved at 10:05:41 AM, on 5/26/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\mobile PhoneTools\WatchDog.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
    C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\Mp***ent.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Real\RealPlay.exe
    C:\HJT\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=w...E6V+A0T86wpIRj
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\rthktrqs.dll",realset
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
    O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {416792D8-F532-493A-BECC-1C99A1501FF9} (vmLaunch Class) - http://media2.comcast.net/anon.comca...mLauncher2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1134438539750
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
    O18 - Protocol: bw+0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: Pem4sfgesvc - VSO Software - (no file)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

  2. #2
    VopThis is offline Senior Member (Canada)
    If you are running two (2) real-time antivirus tools at the same time, please uninstall one of them or at least end the running process for AVG. They will conflict, cause incompatibilities, and/or horribly slow down your PC.


    Click here to download Dr.Web CureIt and save it to your desktop.
    • Double-click the drweb-cureit.exe file and allow it to run the express scan.
    • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, mark the drives that you want to scan.
    • Select all drives. A red dot shows which drives have been chosen.
    • Click the green arrow at the right, and the scan will start.
    • Click 'Yes to all' if it asks if you want to cure/move the file.
    • When the scan has finished, see if you can click the icon next to the files found:
    • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

      This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
    • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.


    Post the Dr. Web CureIt Results.



    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Last edited by VopThis; 26-05-2007 at 05:08 PM.
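
A saved DrWeb.csv can be triaged before it is posted. The following is an added example, not part of the original thread: it assumes the semicolon-separated layout (file;directory;detection;action;) seen in the results posted later in this thread, and the sample rows, file names and the helper names `parse_report`, `triage` and `autoruns_referencing` are constructed for illustration.

```python
import csv
import io
import re

# Constructed sample rows: file name;directory;detection;action taken;
SAMPLE_REPORT = r"""
helper.exe;c:\program files\vendor\bin;Probably DLOADER.Trojan;Incurable.Will be moved after reboot.;
abcdwxyz.dll;c:\windows\system32;Trojan.Example;Will be cured after reboot.;
setup.exe;C:\Documents and Settings\User\Local Settings\Temp;Trojan.Sample;Deleted.;
A0000001.exe;C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1;Adware.Sample;Incurable.Moved.;
helper.exe;C:\Program Files\Vendor\bin;Probably DLOADER.Trojan;Incurable.Moved.;
ABCDWXYZ.DLL;C:\WINDOWS\SYSTEM32;Trojan.Example;Will be cured after reboot.;
"""

# Constructed HijackThis autorun lines to cross-check against the report.
SAMPLE_HJT = [
    r'O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\abcdwxyz.dll",realset',
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
]

# System Restore keeps copies of files under _restore{GUID}\RPnnn.
RESTORE_RE = re.compile(r"\\system volume information\\_restore\{[0-9a-f-]+\}", re.I)


def parse_report(text):
    """Return one record per unique file; a later row for the same file wins.

    The express (memory) scan and the full scan can both list a file, and the
    same path can appear in different letter case, so rows are keyed on the
    lowercased full path.
    """
    records = {}
    reader = csv.reader(io.StringIO(text), delimiter=";", quoting=csv.QUOTE_NONE)
    for row in reader:
        fields = [f.strip() for f in row]
        if len(fields) < 4 or not fields[0]:
            continue  # blank or malformed line
        name, directory, detection, action = fields[:4]
        key = (directory.rstrip("\\") + "\\" + name).lower()
        records[key] = {"path": key, "detection": detection, "action": action}
    return list(records.values())


def triage(records):
    """Group records by what still needs attention after the scan."""
    result = {
        "pending_reboot": [],        # not yet cleaned; rescan after restart
        "restore_point_copies": [],  # infected copies inside System Restore
        "heuristic": [],             # "Probably ..." names: possible false positives
        "by_detection": {},
    }
    for rec in records:
        if "after reboot" in rec["action"].lower():
            result["pending_reboot"].append(rec["path"])
        if RESTORE_RE.search(rec["path"]):
            result["restore_point_copies"].append(rec["path"])
        if rec["detection"].lower().startswith("probably "):
            result["heuristic"].append(rec["path"])
        count = result["by_detection"].get(rec["detection"], 0)
        result["by_detection"][rec["detection"]] = count + 1
    return result


def autoruns_referencing(records, hjt_lines):
    """HijackThis O4 lines whose command still names a detected file.

    Only long-form paths are matched; 8.3 short names such as PROGRA~1
    would need to be expanded first.
    """
    detected = {rec["path"] for rec in records}
    hits = []
    for line in hjt_lines:
        if line.startswith("O4 - ") and any(p in line.lower() for p in detected):
            hits.append(line)
    return hits


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    summary = triage(recs)
    for section in ("pending_reboot", "restore_point_copies", "heuristic"):
        print(section, summary[section])
    print("autoruns still pointing at detected files:")
    for line in autoruns_referencing(recs, SAMPLE_HJT):
        print("  ", line)
```

An autorun line that still names a file listed as pending reboot means the entry has to be rechecked in the next HijackThis log after the restart.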

  3. #3
    Twan is offline Newbie
    Thanks again!

    DR.WEB LOG

    tgcmd.exe;c:\program files\support.com\bin;Probably DLOADER.Trojan;Incurable.Will be moved after reboot.;
    rthktrqs.dll;c:\windows\system32;Trojan.Virtumod;Will be cured after reboot.;
    tyjdomdo.dll;c:\windows\system32;Trojan.Virtumod;Will be cured after reboot.;
    TICHD003.exe;C:\Documents and Settings\Brian\Local Settings\Temp;Adware.ZenoSearch;Incurable.Moved.;
    winantispyware2007freeinstall[1].exe;C:\Documents and Settings\Guest\Application Data;Trojan.DownLoader.10963;Deleted.;
    WinAntiSpyware2007FreeInstall[1].exe;C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\F4PJSO77;Trojan.DownLoader.10963;Deleted.;
    TICHD003.exe;C:\Documents and Settings\Twan\Local Settings\Temp;Adware.ZenoSearch;Incurable.Moved.;
    setup.exe;C:\Documents and Settings\Twan\Local Settings\Temp\NI.UWA6P_0001_N69M0303;Trojan.Fakealert;Deleted.;
    AboutBuster.exe;C:\Documents and Settings\Twan\My Documents\AboutBuster\AboutBuster;Probably BACKDOOR.Trojan;Incurable.Moved.;
    mIRC.ExCurSioN.exe;C:\Excursion9.5;Program.mIRC.612;Incurable.Moved.;
    mirc.exe;C:\Program Files\mIRC;Program.mIRC.612;Incurable.Moved.;
    sdcmon.dll;C:\Program Files\Support.com\bin;Probably DLOADER.Trojan;Incurable.Moved.;
    tgcmd.exe;C:\Program Files\Support.com\bin;Probably DLOADER.Trojan;Incurable.Moved.;
    tgupdate.exe;C:\Program Files\Support.com\bin;Probably DLOADER.Trojan;Incurable.Moved.;
    A0234164.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1311;Adware.ZenoSearch;Incurable.Moved.;
    A0234520.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1313;Adware.Comet;Incurable.Moved.;
    A0234521.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1313;Adware.Starware;Incurable.Moved.;
    A0234524.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1313;Adware.ZenoSearch;Incurable.Moved.;
    A0236632.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1316;Adware.ZenoSearch;Incurable.Moved.;
    A0237698.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1319;Adware.ZenoSearch;Incurable.Moved.;
    A0237863.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1320;Trojan.DownLoader.6408;Deleted.;
    A0237952.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1321;Trojan.DownLoader.10963;Deleted.;
    GTDownLS_125.ocx;C:\WINDOWS\SYSTEM32;Adware.Gdown;Incurable.Moved.;
    rthktrqs.dll;C:\WINDOWS\SYSTEM32;Trojan.Virtumod;Will be cured after reboot.;
    tyjdomdo.dll;C:\WINDOWS\SYSTEM32;Trojan.Virtumod;Will be cured after reboot.;

    COMBOFIX LOG
    "Twan" - 2007-05-26 21:05:07 Service Pack 2
    ComboFix 07-05.26.3.V - Running from: "C:\Documents and Settings\Twan\Desktop\"


    (((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\rthktrqs.dll
    C:\WINDOWS\system32\onnmp.bak1
    C:\WINDOWS\system32\onnmp.bak2
    C:\WINDOWS\system32\onnmp.ini
    C:\WINDOWS\system32\onnmp.ini2
    C:\WINDOWS\system32\onnmp.tmp
    C:\WINDOWS\system32\sqrtkhtr.ini
    C:\WINDOWS\SYSTEM32\onnmp.bak1
    C:\WINDOWS\SYSTEM32\onnmp.bak2
    C:\WINDOWS\SYSTEM32\onnmp.ini
    C:\WINDOWS\SYSTEM32\onnmp.ini2
    C:\WINDOWS\SYSTEM32\onnmp.tmp
    C:\WINDOWS\SYSTEM32\onnmp.bak1
    C:\WINDOWS\SYSTEM32\onnmp.bak2
    C:\WINDOWS\SYSTEM32\onnmp.ini
    C:\WINDOWS\SYSTEM32\onnmp.ini2
    C:\WINDOWS\SYSTEM32\onnmp.tmp
    C:\WINDOWS\system32\pmnno.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    "C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe"
    "C:\WINDOWS\system32\drivers\fad.sys"
    "C:\install.log"
    "C:\Temp\17O7"


    ((((((((((((((((((((((((((((((( Files Created from 2007-04-26 to 2007-05-26 ))))))))))))))))))))))))))))))))))


    2007-05-26 16:43 <DIR> d-------- C:\Documents and Settings\Twan\DoctorWeb
    2007-05-26 16:43 <DIR> d-------- C:\DOCUME~1\Twan\DoctorWeb
    2007-05-25 20:12 <DIR> d-------- C:\DOCUME~1\Twan\APPLIC~1\Lavasoft
    2007-05-22 09:53 <DIR> d-------- C:\WINDOWS\SYSTEM32\T1QaSQ
    2007-05-22 09:53 <DIR> d-------- C:\Temp\0b9
    2007-05-11 08:23 5,767,168 --a------ C:\Documents and Settings\Twan\ntuser.dat
    2007-05-11 08:23 5,767,168 --a------ C:\DOCUME~1\Twan\ntuser.dat
    2007-05-11 08:23 3,428,352 --a------ C:\DOCUME~1\LILBRI~1\NTUSER.DAT
    2007-05-10 03:11 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-05-27 02:02:01 -------- d-----w C:\Program Files\mIRC
    2007-05-26 01:12:25 -------- d-----w C:\Program Files\Lavasoft
    2007-05-01 22:54:31 -------- d-----w C:\Program Files\DVDFab Decrypter 3
    2007-04-18 20:46:19 -------- d-----w C:\Program Files\DVDFab HD Decrypter 3
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-11 00:17:25 -------- d-----w C:\Program Files\iTunes
    2007-04-11 00:17:12 -------- d-----w C:\Program Files\iPod
    2007-04-11 00:09:15 -------- d-----w C:\Program Files\QuickTime
    2007-04-10 23:59:06 -------- d-----w C:\Program Files\Apple Software Update
    2007-04-02 21:35:06 -------- d-----w C:\Program Files\Common Files\HP
    2007-03-27 04:28:40 16 ----a-w C:\WINDOWS\popcinfo.dat
    2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll [2006-09-29 12:53]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 19:38]
    {290ED476-F50F-4C47-936E-FF99D7203B44}=C:\WINDOWS\system32\cutaivro.dll []
    {4B646AFB-9341-4330-8FD1-C32485AEE619}=C:\WINDOWS\system32\tyjdomdo.dll []
    {53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-01-06 11:52]
    {5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2003-08-06 01:04]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2005-08-11 19:45]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [2004-05-27 20:05]
    "BCMSMMSG"="BCMSMMSG.exe" []
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-11-20 08:50]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-05-25 22:42]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
    "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
    "EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-02 20:07]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
    "DelayShred"="C:\Program Files\McAfee\McAfee Shared Components\Shredder 5\SHRED32.EXE" /q C:\Recycler\NPROTECT\00001184.SH! C:\Recycler\NPROTECT\00001183.SH! C:\Recycler\NPROTECT\00001182.SH! C:\Recycler\NPROTECT\00001181.SH! C:\Recycler\NPROTECT\00001180.SH! C:\Recycler\NPROTECT\00001179.SH! C:\Recycler\NPROTECT\00001178.SH! C:\Recycler\NPROTECT\00001177.SH! C:\Recycler\NPROTECT\00001176.SH! C:\Recycler\NPROTECT\00001175.SH! C:\Recycler\NPROTECT\00001174.SH! C:\Recycler\NPROTECT\00001173.SH! C:\Recycler\NPROTECT\00001172.SH! C:\Recycler\NPROTECT\00001171.SH! C:\Recycler\NPROTECT\00001170.SH! C:\Recycler\NPROTECT\00001169.SH! C:\Recycler\NPROTECT\00001168.SH! C:\Recycler\NPROTECT\00001167.SH! C:\Recycler\NPROTECT\00001166.SH! C:\Recycler\NPROTECT\00001165.SH! C:\Recycler\NPROTECT\00001164.SH! C:\Recycler\NPROTECT\00001163.SH! C:\Recycler\NPROTECT\00001162.SH! C:\Recycler\NPROTECT\00001161.SH! C:\Recycler\NPROTECT\00001160.SH! C:\Recycler\NPROTECT\00001159.SH! C:\Recycler\NPROTECT\00001158.SH! C:\Recycler\NPROTECT\00001157.SH! C:\Recycler\NPROTECT\00001156.SH! C:\Recycler\NPROTECT\00001155.SH! C:\Recycler\NPROTECT\00001154.SH! C:\Recycler\NPROTECT\00001153.SH! C:\Recycler\NPROTECT\00001152.SH! C:\Recycler\NPROTECT\00001151.SH! C:\Recycler\NPROTECT\00001150.SH! C:\Recycler\NPROTECT\00001149.SH! C:\Recycler\NPROTECT\00001148.SH! C:\Recycler\NPROTECT\00001147.SH! C:\Recycler\NPROTECT\00001146.SH! C:\Recycler\NPROTECT\00001145.SH! C:\Recycler\NPROTECT\00001144.SH! C:\Recycler\NPROTECT\00001143.SH! C:\Recycler\NPROTECT\00001142.SH! C:\Recycler\NPROTECT\00001141.SH! C:\Recycler\NPROTECT\00001140.SH! C:\Recycler\NPROTECT\00001139.SH! C:\Recycler\NPROTECT\00001138.SH! C:\Recycler\NPROTECT\00001137.SH! C:\Recycler\NPROTECT\00001136.SH! C:\Recycler\NPROTECT\00001135.SH! C:\Recycler\NPROTECT\00001134.SH! C:\Recycler\NPROTECT\00001133.SH! C:\Recycler\NPROTECT\00001132.SH! C:\Recycler\NPROTECT\00001131.SH! C:\Recycler\NPROTECT\00001130.SH! C:\Recycler\NPROTECT\00001129.SH! 
C:\Recycler\NPROTECT\00001128.SH! C:\Recycler\NPROTECT\00001127.SH! C:\Recycler\NPROTECT\00001126.SH! C:\Recycler\NPROTECT\00001125.SH! C:\Recycler\NPROTECT\00001124.SH! C:\Recycler\NPROTECT\00001123.SH! C:\Recycler\NPROTECT\00001122.SH! C:\Recycler\NPROTECT\00001121.SH! C:\Recycler\NPROTECT\00001120.SH! C:\Recycler\NPROTECT\00001119.SH! C:\Recycler\NPROTECT\00001118.SH! C:\Recycler\NPROTECT\00001117.SH! C:\Recycler\NPROTECT\00001116.SH! C:\Recycler\NPROTECT\00001115.SH! C:\Recycler\NPROTECT\00001114.SH! C:\Recycler\NPROTECT\00001113.SH! C:\Recycler\NPROTECT\00001112.SH! C:\Recycler\NPROTECT\00001111.SH! C:\Recycler\NPROTECT\00001110.SH! C:\Recycler\NPROTECT\00001109.SH! C:\Recycler\NPROTECT\00001108.SH! C:\Recycler\NPROTECT\00001107.SH! C:\Recycler\NPROTECT\00001106.SH! C:\Recycler\NPROTECT\00001105.SH! C:\Recycler\NPROTECT\00001104.SH! C:\Recycler\NPROTECT\00001103.SH! C:\Recycler\NPROTECT\00001102.SH! C:\Recycler\NPROTECT\00001101.SH! C:\Recycler\NPROTECT\00001100.SH! C:\Recycler\NPROTECT\00001099.SH! C:\Recycler\NPROTECT\00001098.SH! C:\Recycler\NPROTECT\00001097.SH! C:\Recycler\NPROTECT\00001096.SH! C:\Recycler\NPROTECT\00001095.SH! C:\Recycler\NPROTECT\00001094.SH! C:\Recycler\NPROTECT\00001093.SH! C:\Recycler\NPROTECT\00001092.SH! C:\Recycler\NPROTECT\00001091.SH! C:\Recycler\NPROTECT\00001090.SH! C:\Recycler\NPROTECT\00001089.SH! C:\Recycler\NPROTECT.SH!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="C:\Program Files\ewido anti-malware\shellhook.dll" [2004-09-30 07:21]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxuro]
    cbxxuro.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
    backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
    backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Brian^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=C:\Documents and Settings\Brian\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Twan^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
    path=C:\Documents and Settings\Twan\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
    backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Filmatom]
    C:\PROGRA~1\MESSVI~1\AudioSect.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
    C:\Program Files\Kazaa\kazaa.exe /SYSTRAY

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    C:\Program Files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee QuickClean Imonitor]
    C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
    c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
    "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POINTER]
    point32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
    "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
    "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
    C:\Program Files\mobile PhoneTools\WatchDog.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    C:\Program Files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet



    ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    backup-20060318-010604-786
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZSYYYYYYYYUS

    backup-20060317-174634-115
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/...ler/dwnldr.cab

    backup-20060317-174633-120
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab

    backup-20060317-174633-841
    O4 - HKLM\..\Run: [nameknobjumpsettings] C:\Documents and Settings\All Users\Application Data\LIVEDELETENAMEKNOB\nameflag.exe

    backup-20060317-174633-108
    O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start

    backup-20060317-174633-266
    O4 - HKLM\..\Run: [Popup Blocker Updater] regsvr32 /s C:\WINDOWS\System32\sfg145f.dll

    backup-20060317-174633-486
    O2 - BHO: RawExecAction Object - {18898424-E3AB-4BA9-8E8D-5434B1CECA75} - C:\WINDOWS\system32\pmnlj.dll (file missing)

    backup-20060317-174633-278
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    Contents of the 'Scheduled Tasks' folder
    2007-05-27 03:00:00 C:\WINDOWS\tasks\A91B0D959184854D.job
    2007-05-27 03:00:00 C:\WINDOWS\tasks\AC27C19991807461.job
    2007-05-27 03:00:00 C:\WINDOWS\tasks\AEDD15C0930E88D8.job
    2007-05-26 17:20:13 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    ********************************************************************

    catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-26 22:12:21
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    ********************************************************************

    Completion time: 2007-05-26 22:16:46 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-05-26 22:16

    --- E O F ---

    HIJACKTHIS LOG
    Logfile of HijackThis v1.99.1
    Scan saved at 10:24:21 PM, on 5/26/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\notepad.exe
    C:\HJT\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {290ED476-F50F-4C47-936E-FF99D7203B44} - C:\WINDOWS\system32\cutaivro.dll (file missing)
    O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\tyjdomdo.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {416792D8-F532-493A-BECC-1C99A1501FF9} (vmLaunch Class) - http://media2.comcast.net/anon.comca...mLauncher2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1134438539750
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
    O18 - Protocol: bw+0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: cbxxuro - cbxxuro.dll (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: Pem4sfgesvc - VSO Software - (no file)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

  4. #4
    VopThis is offline Senior Member (Canada)
    SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

    O2 - BHO: (no name) - {290ED476-F50F-4C47-936E-FF99D7203B44} - C:\WINDOWS\system32\cutaivro.dll (file missing)
    O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\tyjdomdo.dll (file missing)

    O20 - Winlogon Notify: cbxxuro - cbxxuro.dll (file missing)

    O23 - Service: Pem4sfgesvc - VSO Software - (no file)

    Make sure that all browser windows and internet links are closed, even this one!
    CLICK 'FIX CHECKED' with HijackThis.




    Ewido has now been updated as a revised product 'AVG Anti-Spyware' (AVGAS). Please uninstall Ewido and reboot, and then install the revised tool:

    Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen under Your Computer's security.
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Click on Change state next to Automatic updates. It should now change to inactive.
      • Next to the words Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the Update successful message.
      • Click on Scanner on the toolbar at top of this screen.
      • Click on the Settings tab.
        • Under How to act?
          • Click on Recommended Action and choose Quarantine from the popup menu.
        • Under How to scan?
          • All checkboxes should be ticked.
        • Under Possibly unwanted software:
          • All checkboxes should be ticked.
        • Under Reports:
          • Select Automatically generate report after every scan and uncheck Only if threats were found.
        • Under What to scan?
          • Select Scan every file.
      • Close AVG Anti-Spyware without running yet.
    Now disable (turn off AVG Anti-Spyware)
    • Right-click the AVG Anti-Spyware Tray Icon (Bottom right corner of computer screen near clock) and uncheck Start with Windows.
    • Right-click the AVG Anti-Spyware Tray Icon again and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update AVG Anti-Spyware.
    AVG Anti-Spyware manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
    ______________________________

    Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.
    ______________________________


    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
    Note: If the AVG Anti-Spyware screen does not fit your monitor screen, hold down the Alt button on the keyboard, then tap the spacebar; a menu should pop up, then choose Maximize. The AVG Anti-Spyware screen should now fit the screen a lot better.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.


    IMPORTANT: Don't click on the "Save Scan Report" button before you hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
    • When done, click the Save Scan Report button. (4)
      • Click the Save Report as button.
      • Save the report to your Desktop. I will need you to post this in your next reply.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    Reboot in Normal Mode.



    POST A REVISED HIJACKTHIS LOG for review:
    Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.
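
A way to check a follow-up log against a fix list like the one in the post above, as an added example that is not part of the thread and not HijackThis's own code: it parses entry lines, flags those marked "(file missing)" or "(no file)", and reports which fix-list items still appear afterwards. The sample lines are excerpted from the logs on this page; the function and variable names are assumptions.

```python
import re
from dataclasses import dataclass

# Entry lines look like "<section> - <details>"; sections are R0-R3, F0-F3,
# N1-N4 and O1-O23. Header and "Running processes" lines do not match.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")
# Marker HijackThis appends when it cannot find the entry's target on disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$", re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    section: str
    body: str

    @property
    def orphaned(self) -> bool:
        return bool(ORPHAN_RE.search(self.body))

    @property
    def key(self):
        # Collapse whitespace and case so forum re-wrapping does not break matching.
        return (self.section, re.sub(r"\s+", " ", self.body).lower())


def parse_log(text):
    """Return the entry lines of a HijackThis log, skipping everything else."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def orphaned(entries):
    """Entries whose target HijackThis could not find: candidates for review."""
    return [e for e in entries if e.orphaned]


def compare(fix_text, after_text):
    """Split the fix list into items gone from, or still in, the later log."""
    after_keys = {e.key for e in parse_log(after_text)}
    result = {"cleared": [], "remaining": []}
    for e in parse_log(fix_text):
        result["remaining" if e.key in after_keys else "cleared"].append(e)
    return result


# Sample input: the four fix items from post #4 (copied from this page).
FIX_LIST = r"""
O2 - BHO: (no name) - {290ED476-F50F-4C47-936E-FF99D7203B44} - C:\WINDOWS\system32\cutaivro.dll (file missing)
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\tyjdomdo.dll (file missing)
O20 - Winlogon Notify: cbxxuro - cbxxuro.dll (file missing)
O23 - Service: Pem4sfgesvc - VSO Software - (no file)
"""

# Sample input: a short excerpt of the follow-up log in post #5 (not the full log).
AFTER_EXCERPT = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Pem4sfgesvc - VSO Software - (no file)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

if __name__ == "__main__":
    outcome = compare(FIX_LIST, AFTER_EXCERPT)
    for state, items in outcome.items():
        for e in items:
            print(f"{state:9} {e.section} - {e.body}")
    for e in orphaned(parse_log(AFTER_EXCERPT)):
        print(f"orphaned  {e.section} - {e.body}")
```

On this excerpt the two O2 entries and the O20 cbxxuro entry no longer appear, while the O23 Pem4sfgesvc entry is still listed in the follow-up log.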

  5. #5
    Twan is offline Newbie
    HJT Log

    Logfile of HijackThis v1.99.1
    Scan saved at 10:23:33 AM, on 5/28/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    C:\PROGRA~1\Grisoft\AVG7\avgw.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HJT\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {416792D8-F532-493A-BECC-1C99A1501FF9} (vmLaunch Class) - http://media2.comcast.net/anon.comca...mLauncher2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1134438539750
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
    O18 - Protocol: bw+0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {EE691432-5CA5-4556-A7BE-16E2EC219E9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: Pem4sfgesvc - VSO Software - (no file)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


    AVG Scan
    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 10:12:53 AM 5/28/2007

    + Scan result:



    C:\Documents and Settings\Lil Brian\My Documents\SpongeBob SquarePants Collapse!\bfgt_silent_en.exe/nickarcade.dll -> Adware.BHO : Cleaned with backup (quarantined).
    C:\Documents and Settings\Twan\DoctorWeb\Quarantine\A0234520.dll -> Adware.Comet : Cleaned with backup (quarantined).
    C:\Documents and Settings\Twan\DoctorWeb\Quarantine\A0234521.dll -> Adware.Comet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1316\A0236631.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brian\Start Menu\Programs\WhenU -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brian\Start Menu\Programs\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brian\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brian\Start Menu\Programs\WhenU\WhenU.com Website.url -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3330564500-1475241393-514485694-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA356D79-679B-4B4C-8E49-5AF97014F4C1} -> Adware.Starware : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3330564500-1475241393-514485694-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D49E9D35-254C-4C6A-9D17-95018D228FF5} -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Twan\DoctorWeb\Quarantine\A0234164.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
    C:\Documents and Settings\Twan\DoctorWeb\Quarantine\A0234524.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
    C:\Documents and Settings\Twan\DoctorWeb\Quarantine\A0236632.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
    C:\Documents and Settings\Twan\DoctorWeb\Quarantine\A0237698.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
    C:\Documents and Settings\Twan\DoctorWeb\Quarantine\TICHD000.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
    C:\Documents and Settings\Twan\DoctorWeb\Quarantine\TICHD003.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1292\A0231174.exe -> Backdoor.DSNX.05.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Brian\Local Settings\Temp\YazzleBundle-1281.exe -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
    G:\DOWNLOADS\HOLLYWOOD FX\KeyGen\keygen.exe -> Downloader.Zlob.bnv : Cleaned with backup (quarantined).
    C:\Documents and Settings\Lil Brian\Cookies\lil_brian@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Lil Brian\Cookies\lil_brian@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
    C:\Documents and Settings\Lil Brian\Cookies\lil_brian@mrsupergames.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
    C:\Documents and Settings\Lil Brian\Cookies\lil_brian@paidmarketingpanel.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
    C:\Documents and Settings\Lil Brian\Cookies\lil_brian@psu.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
    C:\Documents and Settings\Brian\Cookies\brian@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\Brian\Cookies\brian@stats.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\Guest\Cookies\guest@2.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\Guest\Cookies\guest@3.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\Guest\Cookies\guest@www.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\Lil Brian\Cookies\lil_brian@3.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\Twan\Cookies\twan@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\RECYCLER\S-1-5-21-3330564500-1475241393-514485694-1009\Dc2.txt -> TrackingCookie.Adrevolver : Cleaned.
    C:\Documents and Settings\Lil Brian\Cookies\lil_brian@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Twan\Cookies\twan@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Twan\Cookies\twan@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Twan\Cookies\twan@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
    C:\Documents and Settings\Brian\Local Settings\Temp\Cookies\brian@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
    C:\Documents and Settings\Lil Brian\Cookies\lil_brian@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
    C:\Documents and Settings\Guest\Cookies\guest@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\Lil Brian\Cookies\lil_brian@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\Lil Brian\Cookies\lil_brian@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\Documents and Settings\Lil Brian\Local Settings\Temp\Cookies\lil brian@as.casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\Documents and Settings\Twan\Cookies\twan@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\Documents and Settings\Lil Brian\Cookies\lil_brian@ads.cnn[1].txt -> TrackingCookie.Cnn : Cleaned.
    C:\Documents and Settings\Brian\Cookies\brian@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
    C:\Documents and Settings\Guest\Cookies\guest@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
    C:\Documents and Settings\Twan\Cookies\twan@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
    C:\Documents and Settings\Lil Brian\Cookies\lil_brian@cdn.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
    C:\Documents and Settings\Twan\Cookies\twan@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
    C:\Documents and Settings\Twan\Cookies\twan@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\Guest\Cookies\guest@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Lil Brian\Cookies\lil_brian@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Lil Brian\Cookies\lil_brian@ehg-globalgamingleague.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Lil Brian\Local Settings\Temp\Cookies\lil brian@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Lil Brian\Cookies\lil_brian@komtrack[2].txt -> TrackingCookie.Komtrack : Cleaned.
    C:\Documents and Settings\Lil Brian\Cookies\lil_brian@search.live[1].txt -> TrackingCookie.Live : Cleaned.
    C:\Documents and Settings\Brian\Cookies\brian@sales.liveperson[3].txt -> TrackingCookie.Liveperson : Cleaned.
    C:\Documents and Settings\Brian\Local Settings\Temp\Cookies\brian@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
    C:\Documents and Settings\Guest\Cookies\guest@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
    C:\Documents and Settings\Lil Brian\Cookies\lil_brian@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
    C:\Documents and Settings\Twan\Cookies\twan@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\Twan\Cookies\twan@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
    C:\Documents and Settings\Lil Brian\Local Settings\Temp\Cookies\lil brian@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
    C:\Documents and Settings\Brian\Local Settings\Temp\Cookies\brian@www.paypal[2].txt -> TrackingCookie.Paypal : Cleaned.
    C:\Documents and Settings\Lil Brian\Cookies\lil_brian@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
    C:\Documents and Settings\Twan\Cookies\twan@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
    C:\Documents and Settings\Twan\Cookies\twan@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\Documents and Settings\Lil Brian\Cookies\lil_brian@guide.real[2].txt -> TrackingCookie.Real : Cleaned.
    C:\Documents and Settings\Lil Brian\Cookies\lil_brian@radio.real[2].txt -> TrackingCookie.Real : Cleaned.
    C:\Documents and Settings\Brian\Local Settings\Temp\Cookies\brian@network.realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
    C:\Documents and Settings\Lil Brian\Local Settings\Temp\Cookies\lil brian@network.realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
    C:\Documents and Settings\Twan\Cookies\twan@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
    C:\Documents and Settings\Lil Brian\Cookies\lil_brian@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
    C:\Documents and Settings\Guest\Cookies\guest@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
    C:\Documents and Settings\Lil Brian\Cookies\lil_brian@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
    C:\Documents and Settings\Lil Brian\Cookies\lil_brian@h.starware[1].txt -> TrackingCookie.Starware : Cleaned.
    C:\Documents and Settings\Lil Brian\Cookies\lil_brian@try.starware[2].txt -> TrackingCookie.Starware : Cleaned.
    C:\Documents and Settings\Brian\Local Settings\Temp\Cookies\brian@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Brian\Local Settings\Temp\Cookies\brian@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Lil Brian\Cookies\lil_brian@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Lil Brian\Cookies\lil_brian@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Lil Brian\Cookies\lil_brian@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
    C:\Documents and Settings\Twan\Cookies\twan@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
    C:\Documents and Settings\Lil Brian\Local Settings\Temp\Cookies\lil brian@a.tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\Documents and Settings\Twan\Cookies\twan@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\Documents and Settings\Lil Brian\Cookies\lil_brian@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
    C:\Documents and Settings\Lil Brian\Local Settings\Temp\Cookies\lil brian@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
    C:\Documents and Settings\Brian\Local Settings\Temp\Cookies\brian@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Lil Brian\Cookies\lil_brian@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Twan\Cookies\twan@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.


    ::Report end

    Things seem to be running fine. I did not remember to "Quarantine" the items found during the AVG scan. I clicked only Apply all actions and then save the report. Do I need to do this again?

    Thanks again for the help!

  6. #6
    VopThis is offline Senior Member (Canada)
    I did not remember to "Quarantine" the items found during the AVG scan. I clicked only Apply all actions and then save the report. Do I need to do this again?
    Quarantine is always the more conservative INITIAL action to take in case of mistakes or 'false positives'. Since you cleaned everything found, there is no need to run the scan again.

  7. #7
    Twan is offline Newbie
    Thanks SOOOOO much for your help!

  8. #8
    Neal is offline Dedicated Member
    Are you ok then?
