Helpe removing Trojan.win32.obfuscated.gx please
-
Help removing Trojan.win32.obfuscated.gx please
I've fallen victim
...please help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:49 PM, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Peter\bin\jusched.exe
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\Program Files\AdwareAlert\AdwareAlert.exe
C:\Program Files\Eset\nod32krn.exe
D:\symantec\NORTON~1\NPROTECT.EXE
C:\Program Files\SpywareDetector\SDService.exe
D:\symantec\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startribune.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://startribune.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csea rchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\USER\Application Data\Mozilla\Profiles\default\ymnyhaue.slt\prefs.j s)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Peter\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Video - {D0995F82-90C7-4C78-9B4C-C1700FB8B120} - C:\WINDOWS\windivx.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VAIO Recovery] "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Peter\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NSWosCheck] D:\symantec\osCheck.exe
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKUS\S-1-5-21-4000810977-2127399207-3186221942-1005\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User '?')
O4 - HKUS\S-1-5-21-4000810977-2127399207-3186221942-1005\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot (User '?')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User '?')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Peter\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Peter\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - D:\symantec\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - D:\symantec\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: ActiveGS.cab - http://www.virtualapple.com/activegs.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - https://www-secure.symantec.com/tech...rl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - https://www-secure.symantec.com/tech...rl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/tech...l/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} - http://zone.msn.com/bingame/pacz/def...andaonline.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/bingame/rock/def...caploader1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} - http://updates.lifescapeinc.com/inst...l/pinstall.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.motortopia.com/ImageUploa...eUploader3.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {BE1BDC4F-2AAC-494E-88B1-86B2EE4F2D6D} (CopySafe3 Control) - http://download.copysafe.net/Plugin/...d/Copysafe.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - http://www.live365.com/players/play365.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} - http://zone.msn.com/bingame/hsol/def...ebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} - http://www.zoomify.com/download/zoomify305.cab
O18 - Protocol: bw+0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - D:\symantec\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: Speed Disk service - Symantec Corporation - D:\symantec\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
--
End of file - 26839 bytes
Last edited by Mr.Squeelerz; 12-12-2007 at 04:50 AM.
-
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
DO NOT RUN ANY OTHER OPTIONS UNTIL REQUESTED TO. This is very important to get an optimal and comprehensive fix. Warning : running option #2 on a non infected computer will remove your Desktop background.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
-
SmitFraudFix v2.265
Scan done at 19:10:39.31, Wed 12/12/2007
Run from C:\Documents and Settings\User\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\windivx.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\User\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
pe386 detected, use a Rootkit scanner
lzx32 detected, use a Rootkit scanner
»»»»»»»»»»»»»»»»»»»»»»»» DNS
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
-
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
You are presently running two (2) real-time antivirus tools at the same time which is very unproductive for your PC as well as a possible source of conflict and slowdowns.
Please uninstall either NOD32 or Norton AV (NOD32 probably simpler to uninstall for the time being).
REBOOT after the uninstall.
Next,
Download and install AVG Anti-Spyware 7.5 (AVG AS).
- Click the Download BUTTON. On the next page click the Download now BUTTON.
- Save and then install (Run) from the save location.
- Open/Run AVG Anti-Spyware
- Wait a few moments and AVG Anti-Spyware should Auto update itself (note date of last update). If it doesn't update, click the update ICON at top of screen:
- Click on the Update now LINK at the top of the window
- Click on the Start update button
- Wait for the update to download and install
- This is very important to get the LATEST updates
- Click on the Status ICON
- Under "Your computers Security"
Click change status on Resident shield to inactive (ONLY consider activation of that feature once you are clean)
- Click on the Scanner ICON at the top of the window
- Click on the Settings tab then select Recommended Actions and choose Quarantine
- When updating has finished. Close AVG Anti-Spyware.
We will be using this tool in a later step.
- Next, please reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
Running SmitfraudFix – 2nd Part
- Once in Safe Mode, double-click on SmitfraudFix.exe
Warning: running option #2 on a non infected computer will remove your Desktop background.
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
- Restart your computer in Safe Mode again.
AVG Anti-Spyware - 2nd Part
- Click on Scanner on the toolbar.
- Click on Complete System Scan to start the scan process.
- Let the program scan your computer.
- When the scan has finished, follow the instructions below:
- Make sure that Set all elements to: shows Quarantine
- Important: Click on the Apply all Actions button (*** This must done before saving the report ***)
- When the program has finished, it will display the message All actions have been applied.
- Then click the Save Scan Report button.
- Click the Save Report as button.
- Save the report to your Desktop.
- Right-click the AVG Tray Icon and select Exit.
- Now copy the report back to this topic.
- Run a new HijackThis (HJT) scan.
- Please ensure that you have posted the SmitfraudFix, AVG, and HJT logs in this thread.
Let us know how your PC is now behaving.
-
SmitFraudFix v2.265
Scan done at 19:39:18.90, Thu 12/13/2007
Run from C:\Documents and Settings\User\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 www.test.com
127.0.0.1 www.ads.x10.com
127.0.0.1 www.600pics.com
127.0.0.1 www.doberman.befree.com
127.0.0.1 www.enews.bfast.com
127.0.0.1 www.etoys.bfast.com
127.0.0.1 www.falcon.bfast.com
127.0.0.1 www.ftp.befree.com
127.0.0.1 www.ftp.bfast.com
127.0.0.1 www.geocities.bfast.com
127.0.0.1 www.goshoppingonline.bfast.com
127.0.0.1 www.great-dane.befree.com
127.0.0.1 www.great-dane.bfast.com
127.0.0.1 www.greyhound.bfast.com
127.0.0.1 www.help.bfast.com
127.0.0.1 www.husky.bfast.com
127.0.0.1 www.images.bfast.com
127.0.0.1 www.imp.bfast.com
127.0.0.1 www.njmgt1.bfast.com
127.0.0.1 www.njmgt2.bfast.com
127.0.0.1 www.njrep0.bfast.com
127.0.0.1 www.njrep1.bfast.com
127.0.0.1 www.njrep2.bfast.com
127.0.0.1 www.njtxn1.bfast.com
127.0.0.1 www.otterhound.bfast.com
127.0.0.1 www.preprod-geocities.bfast.com
127.0.0.1 www.preprod.bfast.com
127.0.0.1 www.qwest.bfast.com
127.0.0.1 www.reporting.net
127.0.0.1 www.ridgeback.befree.com
127.0.0.1 www.ridgeback.bfast.com
127.0.0.1 www.samoyed.bfast.com
127.0.0.1 www.scrappy.befree.com
127.0.0.1 www.service.bfast.com
127.0.0.1 www.travelocity.bfast.com
127.0.0.1 www.travsoft.bfast.com
127.0.0.1 www.verisign.bfast.com
127.0.0.1 www.vulture.bfast.com
127.0.0.1 www.whippet.bfast.com
127.0.0.1 www.wolfhound.bfast.com
127.0.0.1 www.befree.com
127.0.0.1 www.s0.bluestreak.com
127.0.0.1 www.s1.bluestreak.com
127.0.0.1 www.s2.bluestreak.com
127.0.0.1 www.s3.bluestreak.com
127.0.0.1 www.s4.bluestreak.com
127.0.0.1 www.s5.bluestreak.com
127.0.0.1 www.s6.bluestreak.com
127.0.0.1 www.s7.bluestreak.com
127.0.0.1 www.s8.bluestreak.com
127.0.0.1 www.abc.bnex.com
127.0.0.1 www.alpha.bnex.com
127.0.0.1 www.bnex.com
127.0.0.1 www.customer.bnex.com
127.0.0.1 www.db.bnex.com
127.0.0.1 www.dev.bnex.com
127.0.0.1 www.do.you.uh.yahoo.at.bnex.com
127.0.0.1 www.ghost.in.the.shell.at.bnex.com
127.0.0.1 www.granite.bnex.com
127.0.0.1 www.intarsia.bnex.com
127.0.0.1 www.intranet.bnex.com
127.0.0.1 www.jade.bnex.com
127.0.0.1 www.malachite.bnex.com
127.0.0.1 www.marble.bnex.com
127.0.0.1 www.megastore.bnex.com
127.0.0.1 www.mosaic.bnex.com
127.0.0.1 www.ns1.bnex.com
127.0.0.1 www.ns2.bnex.com
127.0.0.1 www.onyx.bnex.com
127.0.0.1 www.orion.bnex.com
127.0.0.1 www.pebble.bnex.com
127.0.0.1 www.preview.bnex.com
127.0.0.1 www.quartz.bnex.com
127.0.0.1 www.terrazzo.bnex.com
127.0.0.1 www.vpos.bnex.com
127.0.0.1 www.www.bnex.com
127.0.0.1 www.ads.bpath.com
127.0.0.1 www.ads01.bpath.com
127.0.0.1 www.ads03.bpath.com
127.0.0.1 www.ads04.bpath.com
127.0.0.1 www.ads05.bpath.com
127.0.0.1 www.ads06.bpath.com
127.0.0.1 www.ads07.bpath.com
127.0.0.1 www.ads08.bpath.com
127.0.0.1 www.ads09.bpath.com
127.0.0.1 www.ads1.bpath.com
127.0.0.1 www.ads10.bpath.com
127.0.0.1 www.ads11.bpath.com
127.0.0.1 www.ads12.bpath.com
127.0.0.1 www.ads13.bpath.com
127.0.0.1 www.ads14.bpath.com
127.0.0.1 www.ads15.bpath.com
127.0.0.1 www.ads16.bpath.com
127.0.0.1 www.ads17.bpath.com
127.0.0.1 www.ads18.bpath.com
127.0.0.1 www.ads19.bpath.com
127.0.0.1 www.ads2.bpath.com
127.0.0.1 www.ads20.bpath.com
127.0.0.1 www.ads21.bpath.com
127.0.0.1 www.ads22.bpath.com
127.0.0.1 www.ads23.bpath.com
127.0.0.1 www.ads24.bpath.com
127.0.0.1 www.ads25.bpath.com
127.0.0.1 www.ads26.bpath.com
127.0.0.1 www.ads27.bpath.com
127.0.0.1 www.ads28.bpath.com
127.0.0.1 www.ads29.bpath.com
127.0.0.1 www.ads3.bpath.com
127.0.0.1 www.ads32.bpath.com
127.0.0.1 www.ads33.bpath.com
127.0.0.1 www.ads34.bpath.com
127.0.0.1 www.ads35.bpath.com
127.0.0.1 www.ads36.bpath.com
127.0.0.1 www.ads37.bpath.com
127.0.0.1 www.ads38.bpath.com
127.0.0.1 www.ads39.bpath.com
127.0.0.1 www.ads40.bpath.com
127.0.0.1 www.ads41.bpath.com
127.0.0.1 www.ads42.bpath.com
127.0.0.1 www.ads43.bpath.com
127.0.0.1 www.ads44.bpath.com
127.0.0.1 www.ads45.bpath.com
127.0.0.1 www.ads46.bpath.com
127.0.0.1 www.ads47.bpath.com
127.0.0.1 www.ads48.bpath.com
127.0.0.1 www.ads49.bpath.com
127.0.0.1 www.ads50.bpath.com
127.0.0.1 www.ads51.bpath.com
127.0.0.1 www.ads52.bpath.com
127.0.0.1 www.bpath.com
127.0.0.1 www.www.bpath.com
127.0.0.1 www.acim.com
127.0.0.1 www.commission-junction.com
127.0.0.1 www.e250a.track4.com
127.0.0.1 www.fingerhut.track4.com
127.0.0.1 www.foxy.acim.com
127.0.0.1 www.foxy.track4.com
127.0.0.1 www.ftp.acim.com
127.0.0.1 www.ftp.track4.com
127.0.0.1 www.gate.acim.com
127.0.0.1 www.gifttree.track4.com
127.0.0.1 www.maximizer.acim.com
127.0.0.1 www.ns1.acim.com
127.0.0.1 www.ns2.acim.com
127.0.0.1 www.plum.acim.com
127.0.0.1 www.sz.track4.com
127.0.0.1 www.toten.acim.com
127.0.0.1 www.towerrecords.track4.com
127.0.0.1 www.track4.com
127.0.0.1 www.translucent.acim.com
127.0.0.1 www.www.acim.com
127.0.0.1 www1.track4.com
127.0.0.1 www2.track4.com
127.0.0.1 www3.track4.com
127.0.0.1 www.3Aad.doubleclick.net
127.0.0.1 www.aa.doubleclick.net
127.0.0.1 www.accord.netgravity.com
127.0.0.1 www.ad.au.doubleclick.net
127.0.0.1 www.ad.br.doubleclick.net
127.0.0.1 www.ad.ca.doubleclick.net
127.0.0.1 www.ad.contentzone.com
127.0.0.1 www.ad.de.doubleclick.net
127.0.0.1 www.ad.doubleclick.com
127.0.0.1 www.ad.es.doubleclick.net
127.0.0.1 www.ad.fi.doubleclick.net
127.0.0.1 www.ad.fr.doubleclick.net
127.0.0.1 www.ad.it.doubleclick.net
127.0.0.1 www.ad.jp.doubleclick.net
127.0.0.1 www.ad.my.doubleclick.net
127.0.0.1 www.ad.nl.doubleclick.net
127.0.0.1 www.ad.no.doubleclick.net
127.0.0.1 www.ad.pt.doubleclick.net
127.0.0.1 www.ad.se.doubleclick.net
127.0.0.1 www.ad.sg.doubleclick.net
127.0.0.1 www.ad.sq.doubleclick.net
127.0.0.1 www.ad.uk.doubleclick.net
127.0.0.1 www.ad.us.doubleclick.net
127.0.0.1 www.ad1.doubleclick.net
127.0.0.1 www.ad2.doubleclick.net
127.0.0.1 www.ad3.doubleclick.net
127.0.0.1 www.adcenter1.netgravity.com
127.0.0.1 www.ADS-SECONDARY.doubleclick.net
127.0.0.1 www.ads.double-click.com
127.0.0.1 www.bay-sw-10.netgravity.com
127.0.0.1 www.bbn-gw.NYC1.doubleclick.net
127.0.0.1 www.caelum.netgravity.com
127.0.0.1 www.de1.doubleclick.net
127.0.0.1 www.demo.netgravity.com
127.0.0.1 www.double-click.com
127.0.0.1 www.doubleclick.com
127.0.0.1 www.doubleclick.net
127.0.0.1 www.draco.netgravity.com
127.0.0.1 www.dyson.netgravity.com
127.0.0.1 www.ecommerce.netgravity.com
127.0.0.1 www.engpptp.netgravity.com
127.0.0.1 www.enterprise.netgravity.com
127.0.0.1 www.exnjadgda1.doubleclick.net
127.0.0.1 www.exnjadgda2.doubleclick.net
127.0.0.1 www.exnjadgds1.doubleclick.net
127.0.0.1 www.exnjmdgda1.doubleclick.net
127.0.0.1 www.exnjmdgds1.doubleclick.net
127.0.0.1 www.exodus-gw.EWR1.doubleclick.net
127.0.0.1 www.fr1.doubleclick.net
127.0.0.1 www.ftp.netgravity.com
127.0.0.1 www.gatekeeper.netgravity.com
127.0.0.1 www.gd20.doubleclick.net
127.0.0.1 www.gd25.doubleclick.net
127.0.0.1 www.gd28.doubleclick.net
127.0.0.1 www.gd4.doubleclick.net
127.0.0.1 www.gravitychannel.netgravity.com
127.0.0.1 www.gravityhome.netgravity.com
127.0.0.1 www.home.netgravity.com
127.0.0.1 www.In.doubleclick.net
127.0.0.1 www.joinchannel.netgravity.com
127.0.0.1 www.jp.doubleclick.net
127.0.0.1 www.listserver.netgravity.com
127.0.0.1 www.ln.doubleclick.net
127.0.0.1 www.lon-router.netgravity.com
127.0.0.1 www.london.netgravity.com
127.0.0.1 www.lucian.netgravity.com
127.0.0.1 www.m.doubleclick.com
127.0.0.1 www.m.doubleclick.net
127.0.0.1 www.m2.doubleclick.net
127.0.0.1 www.MAILEXODUS.doubleclick.net
127.0.0.1 www.mdist.doubleclick.net
127.0.0.1 www.mplex-dfa.doubleclick.net
127.0.0.1 www.myhome.netgravity.com
127.0.0.1 www.nda.netgravity.com
127.0.0.1 www.netgravity.com
127.0.0.1 www.network-199-95-207-10.doubleclick.net
127.0.0.1 www.network-199-95-207-138.doubleclick.net
127.0.0.1 www.network-199-95-207-148.doubleclick.net
127.0.0.1 www.network-199-95-207-2.doubleclick.net
127.0.0.1 www.network-199-95-207-3.doubleclick.net
127.0.0.1 www.network-199-95-207-4.doubleclick.net
127.0.0.1 www.network-199-95-207-5.doubleclick.net
127.0.0.1 www.network-199-95-207-6.doubleclick.net
127.0.0.1 www.network-199-95-207-7.doubleclick.net
127.0.0.1 www.network-199-95-207-8.doubleclick.net
127.0.0.1 www.network-199-95-207-9.doubleclick.net
127.0.0.1 www.network-199-95-208-10.doubleclick.net
127.0.0.1 www.network-199-95-208-2.doubleclick.net
127.0.0.1 www.network-199-95-208-3.doubleclick.net
127.0.0.1 www.network-199-95-208-4.doubleclick.net
127.0.0.1 www.network-199-95-208-5.doubleclick.net
127.0.0.1 www.network-199-95-208-6.doubleclick.net
127.0.0.1 www.network-199-95-208-7.doubleclick.net
127.0.0.1 www.network-199-95-208-8.doubleclick.net
127.0.0.1 www.network-209-67-38-10.doubleclick.net
127.0.0.1 www.network-209-67-38-2.doubleclick.net
127.0.0.1 www.network-209-67-38-3.doubleclick.net
127.0.0.1 www.network-209-67-38-4.doubleclick.net
127.0.0.1 www.network-209-67-38-5.doubleclick.net
127.0.0.1 www.network-209-67-38-6.doubleclick.net
127.0.0.1 www.network-209-67-38-7.doubleclick.net
127.0.0.1 www.network-209-67-38-8.doubleclick.net
127.0.0.1 www.network-209-67-38-9.doubleclick.net
127.0.0.1 www.news.netgravity.com
127.0.0.1 www.ng-webserver.netgravity.com
127.0.0.1 www.nl.doubleclick.net
127.0.0.1 www.no.doubleclick.net
127.0.0.1 www.ns.doubleclick.net
127.0.0.1 www.ns1.doubleclick.net
127.0.0.1 www.ns2.doubleclick.net
127.0.0.1 www.ny-router.netgravity.com
127.0.0.1 www.ny.netgravity.com
127.0.0.1 www.phase2media.doubleclick.net
127.0.0.1 www.pptp-server.netgravity.com
127.0.0.1 www.pptp.netgravity.com
127.0.0.1 www.proxy.netgravity.com
127.0.0.1 www.rdbox.doubleclick.net
127.0.0.1 www.resolver.doubleclick.net
127.0.0.1 www.sanders.netgravity.com
127.0.0.1 www.se.doubleclick.net
127.0.0.1 www.se1.doubleclick.net
127.0.0.1 www.SITEPAGES.doubleclick.net
127.0.0.1 www.smhq-fe1-0.netgravity.com
127.0.0.1 www.sold.netgravity.com
127.0.0.1 www.suitespot.netgravity.com
127.0.0.1 www.support.netgravity.com
127.0.0.1 www.uk.doubleclick.net
127.0.0.1 www.uk1.doubleclick.net
127.0.0.1 www.us.doubleclick.net
127.0.0.1 www.uunet-gw.NYC1.doubleclick.net
127.0.0.1 www.uunyadgda1.doubleclick.net
127.0.0.1 www.uunyadgds1.doubleclick.net
127.0.0.1 www3.netgravity.com
127.0.0.1 www4.netgravity.com
127.0.0.1 www.zac.netgravity.com
127.0.0.1 www.ads1.speedbit.com
127.0.0.1 www.ads2.speedbit.com
127.0.0.1 www.ads3.speedbit.com
127.0.0.1 www3.speedbit.com
127.0.0.1 www.speedbit.com
127.0.0.1 www.54.conducent.com
127.0.0.1 www.addbtest.conducent.com
127.0.0.1 www.addbtest.timesink.com
127.0.0.1 www.addltest.conducent.com
127.0.0.1 www.addltest.timesink.com
127.0.0.1 www.addltestmaster.conducent.com
127.0.0.1 www.adqa.conducent.com
127.0.0.1 www.contentalpha.conducent.com
127.0.0.1 www.contentqa.conducent.com
127.0.0.1 www.contents.conducent.com
127.0.0.1 www.contents1.conducent.com
127.0.0.1 www.contenttest.conducent.com
127.0.0.1 www.digisle.conducent.com
127.0.0.1 www.DNS1.CONDUCENT.COM
127.0.0.1 www.download.timesink.com
127.0.0.1 www.eroom.conducent.com
127.0.0.1 www.firewall.conducent.com
127.0.0.1 www.firewall.timesink.com
127.0.0.1 www.ftp.conducent.com
127.0.0.1 www.hermes.conducent.com
127.0.0.1 www.ip134.conducent.com
127.0.0.1 www.ip134.timesink.com
127.0.0.1 www.Jerry.conducent.com
127.0.0.1 www.mail.conducent.com
127.0.0.1 www.mail.timesink.com
127.0.0.1 www.nandbob.conducent.com
127.0.0.1 www.nid.conducent.com
127.0.0.1 www.nid.timesink.com
127.0.0.1 www.nidinternal.conducent.com
127.0.0.1 www.nidinternal.timesink.com
127.0.0.1 www.nidinternaltest.conducent.com
127.0.0.1 www.nidtest.conducent.com
127.0.0.1 www.nidtest.timesink.com
127.0.0.1 www.nt2.conducent.com
127.0.0.1 www.pop3.conducent.com
127.0.0.1 www.pop3.timesink.com
127.0.0.1 www.proxytest.conducent.com
127.0.0.1 www.pushv5.conducent.com
127.0.0.1 www.redirectqa.conducent.com
127.0.0.1 www.redirects.conducent.com
127.0.0.1 www.redirects.timesink.com
127.0.0.1 www.redirecttest.conducent.com
127.0.0.1 www.smtp.conducent.com
127.0.0.1 www.smtp.timesink.com
127.0.0.1 www.softwares.conducent.com
127.0.0.1 www.softwares.timesink.com
127.0.0.1 www.sterlinga.conducent.com
127.0.0.1 www.sterlingf.conducent.com
127.0.0.1 www.updates2.conducent.com
127.0.0.1 www.updatetest.conducent.com
127.0.0.1 www.warsport.timesink.com
127.0.0.1 www.conducent.com
127.0.0.1 www.test.conducent.com
127.0.0.1 www.test.timesink.com
127.0.0.1 www.zeus.conducent.com
127.0.0.1 www.zeus.timesink.com
127.0.0.1 www.bob.web3000.com
127.0.0.1 www.tasha.web3000.com
127.0.0.1 www1.web3000.com
127.0.0.1 www7.web3000.com
127.0.0.1 www.abbott.radiate.com
127.0.0.1 www.ad2-1.aureate.com
127.0.0.1 www.ad2-2.aureate.com
127.0.0.1 www.ad2-3.aureate.com
127.0.0.1 www.ad2-4.aureate.com
127.0.0.1 www.adam.radiate.com
127.0.0.1 www.adserv2-301-sjc2.radiate.com
127.0.0.1 www.adserv3-408-sjc2.radiate.com
127.0.0.1 www.adsoftware.com
127.0.0.1 www.aim.adsoftware.com
127.0.0.1 www.aim.aureate.com
127.0.0.1 www.aim1.adsoftware.com
127.0.0.1 www.aim1.aureate.com
127.0.0.1 www.aim2.adsoftware.com
127.0.0.1 www.aim2.aureate.com
127.0.0.1 www.aim3.adsoftware.com
127.0.0.1 www.aim3.aureate.com
127.0.0.1 www.aim4.adsoftware.com
127.0.0.1 www.aim4.aureate.com
127.0.0.1 www.aim5.adsoftware.com
127.0.0.1 www.aim5.aureate.com
127.0.0.1 www.aim6.adsoftware.com
127.0.0.1 www.alexander.aureate.com
127.0.0.1 www.ans-test.adsoftware.com
127.0.0.1 www.ans1.adsoftware.com
127.0.0.1 www.ans10.adsoftware.com
127.0.0.1 www.ans2.adsoftware.com
127.0.0.1 www.ans3.adsoftware.com
127.0.0.1 www.apc-pdu-1.aureate.com
127.0.0.1 www.apc-pdu-2.aureate.com
127.0.0.1 www.aristotle.aureate.com
127.0.0.1 www.ask-a-chick.com
127.0.0.1 www.aureate-colo-hp2424m.aureate.com
127.0.0.1 www.aureate-main-2611.aureate.com
127.0.0.1 www.aureate.com
127.0.0.1 www.aureatemedia.com
127.0.0.1 www.bach.aureate.com
127.0.0.1 www.bc-208-184-172-192.radiate.com
127.0.0.1 www.bigmama.radiate.com
127.0.0.1 www.binarybliss.com
127.0.0.1 www.bonnie2.radiate.com
127.0.0.1 www.brinks.radiate.com
127.0.0.1 www.brutus.radiate.com
127.0.0.1 www.caesar.aureate.com
127.0.0.1 www.confucius.aureate.com
127.0.0.1 www.constantine.aureate.com
127.0.0.1 www.cook.aureate.com
127.0.0.1 www.copernicus.aureate.com
127.0.0.1 www.corona.radiate.com
127.0.0.1 www.costello.radiate.com
127.0.0.1 www.curly.aureate.com
127.0.0.1 www.cyrus.aureate.com
127.0.0.1 www.deadmanwalking.radiate.com
127.0.0.1 www.dell.radiate.com
127.0.0.1 www.dillinger.aureate.com
127.0.0.1 www.dolphinsfootball.com
127.0.0.1 www.dosequis.radiate.com
127.0.0.1 www.download.binarybliss.com
127.0.0.1 www.foreigner.radiate.com
127.0.0.1 www.freud.aureate.com
127.0.0.1 www.ftp.gozilla.com
127.0.0.1 www.gameboy.aureate.com
127.0.0.1 www.gd1.radiate.com
127.0.0.1 www.gizmo.net
127.0.0.1 www.godzilla.radiate.com
127.0.0.1 www.gozilla.com
127.0.0.1 www.group-mail.com
127.0.0.1 www.gzs-6509.radiate.com
127.0.0.1 www.gzs-7206.radiate.com
127.0.0.1 www.gzs-ld.radiate.com
127.0.0.1 www.h-208-184-172-10.radiate.com
127.0.0.1 www.h-208-184-172-100.radiate.com
127.0.0.1 www.a-d-w-a-r-e.com
127.0.0.1 ad-w-a-r-e.com
127.0.0.1 ads.x10.com
127.0.0.1 600pics.com
127.0.0.1 doberman.befree.com
127.0.0.1 enews.bfast.com
127.0.0.1 etoys.bfast.com
127.0.0.1 falcon.bfast.com
127.0.0.1 ftp.befree.com
127.0.0.1 ftp.bfast.com
127.0.0.1 geocities.bfast.com
127.0.0.1 goshoppingonline.bfast.com
127.0.0.1 great-dane.befree.com
127.0.0.1 great-dane.bfast.com
127.0.0.1 greyhound.bfast.com
127.0.0.1 help.bfast.com
127.0.0.1 husky.bfast.com
127.0.0.1 images.bfast.com
127.0.0.1 imp.bfast.com
127.0.0.1 njmgt1.bfast.com
127.0.0.1 njmgt2.bfast.com
127.0.0.1 njrep0.bfast.com
127.0.0.1 njrep2.bfast.com
127.0.0.1 njrep1.bfast.com
127.0.0.1 njtxn1.bfast.com
127.0.0.1 otterhound.bfast.com
127.0.0.1 preprod-geocities.bfast.com
127.0.0.1 preprod.bfast.com
127.0.0.1 qwest.bfast.com
127.0.0.1 reporting.net
127.0.0.1 ridgeback.befree.com
127.0.0.1 ridgeback.bfast.com
127.0.0.1 samoyed.bfast.com
127.0.0.1 scrappy.befree.com
127.0.0.1 service.bfast.com
127.0.0.1 travelocity.bfast.com
127.0.0.1 travsoft.bfast.com
127.0.0.1 verisign.bfast.com
127.0.0.1 vulture.bfast.com
127.0.0.1 whippet.bfast.com
127.0.0.1 wolfhound.bfast.com
127.0.0.1 befree.com
127.0.0.1 s0.bluestreak.com
127.0.0.1 s1.bluestreak.com
127.0.0.1 s2.bluestreak.com
127.0.0.1 s3.bluestreak.com
127.0.0.1 s4.bluestreak.com
127.0.0.1 s5.bluestreak.com
127.0.0.1 s6.bluestreak.com
127.0.0.1 s7.bluestreak.com
127.0.0.1 s8.bluestreak.com
127.0.0.1 abc.bnex.com
127.0.0.1 alpha.bnex.com
127.0.0.1 bnex.com
127.0.0.1 customer.bnex.com
127.0.0.1 db.bnex.com
127.0.0.1 dev.bnex.com
127.0.0.1 do.you.uh.yahoo.at.bnex.com
127.0.0.1 ghost.in.the.shell.at.bnex.com
127.0.0.1 granite.bnex.com
127.0.0.1 intarsia.bnex.com
127.0.0.1 intranet.bnex.com
127.0.0.1 jade.bnex.com
127.0.0.1 malachite.bnex.com
127.0.0.1 marble.bnex.com
127.0.0.1 megastore.bnex.com
127.0.0.1 mosaic.bnex.com
127.0.0.1 ns1.bnex.com
127.0.0.1 ns2.bnex.com
127.0.0.1 onyx.bnex.com
127.0.0.1 orion.bnex.com
127.0.0.1 pebble.bnex.com
127.0.0.1 preview.bnex.com
127.0.0.1 quartz.bnex.com
127.0.0.1 terrazzo.bnex.com
127.0.0.1 vpos.bnex.com
127.0.0.1 ads.bpath.com
127.0.0.1 ads01.bpath.com
127.0.0.1 ads03.bpath.com
127.0.0.1 ads04.bpath.com
127.0.0.1 ads05.bpath.com
127.0.0.1 ads06.bpath.com
127.0.0.1 ads07.bpath.com
127.0.0.1 ads08.bpath.com
127.0.0.1 ads09.bpath.com
127.0.0.1 ads1.bpath.com
127.0.0.1 ads10.bpath.com
127.0.0.1 ads11.bpath.com
127.0.0.1 ads12.bpath.com
127.0.0.1 ads13.bpath.com
127.0.0.1 ads14.bpath.com
127.0.0.1 ads15.bpath.com
127.0.0.1 ads16.bpath.com
127.0.0.1 ads17.bpath.com
127.0.0.1 ads18.bpath.com
127.0.0.1 ads19.bpath.com
127.0.0.1 ads2.bpath.com
127.0.0.1 ads20.bpath.com
127.0.0.1 ads21.bpath.com
127.0.0.1 ads22.bpath.com
127.0.0.1 ads23.bpath.com
127.0.0.1 ads24.bpath.com
127.0.0.1 ads25.bpath.com
127.0.0.1 ads26.bpath.com
127.0.0.1 ads27.bpath.com
127.0.0.1 ads28.bpath.com
127.0.0.1 ads29.bpath.com
127.0.0.1 ads3.bpath.com
127.0.0.1 ads32.bpath.com
127.0.0.1 ads33.bpath.com
127.0.0.1 ads34.bpath.com
127.0.0.1 ads35.bpath.com
127.0.0.1 ads36.bpath.com
127.0.0.1 ads37.bpath.com
127.0.0.1 ads38.bpath.com
127.0.0.1 ads39.bpath.com
127.0.0.1 ads40.bpath.com
127.0.0.1 ads41.bpath.com
127.0.0.1 ads42.bpath.com
127.0.0.1 ads43.bpath.com
127.0.0.1 ads44.bpath.com
127.0.0.1 ads45.bpath.com
127.0.0.1 ads46.bpath.com
127.0.0.1 ads47.bpath.com
127.0.0.1 ads48.bpath.com
127.0.0.1 ads49.bpath.com
127.0.0.1 ads50.bpath.com
127.0.0.1 ads51.bpath.com
127.0.0.1 ads52.bpath.com
127.0.0.1 bpath.com
127.0.0.1 acim.com
127.0.0.1 commission-junction.com
127.0.0.1 e250a.track4.com
127.0.0.1 fingerhut.track4.com
127.0.0.1 foxy.acim.com
127.0.0.1 foxy.track4.com
127.0.0.1 ftp.acim.com
127.0.0.1 ftp.track4.com
127.0.0.1 gate.acim.com
127.0.0.1 gifttree.track4.com
127.0.0.1 maximizer.acim.com
127.0.0.1 ns1.acim.com
127.0.0.1 ns2.acim.com
127.0.0.1 plum.acim.com
127.0.0.1 sz.track4.com
127.0.0.1 toten.acim.com
127.0.0.1 towerrecords.track4.com
127.0.0.1 track4.com
127.0.0.1 translucent.acim.com
127.0.0.1 1.track4.com
127.0.0.1 2.track4.com
127.0.0.1 3.track4.com
127.0.0.1 3Aad.doubleclick.net
127.0.0.1 aa.doubleclick.net
127.0.0.1 accord.netgravity.com
127.0.0.1 ad.au.doubleclick.net
127.0.0.1 ad.br.doubleclick.net
127.0.0.1 ad.ca.doubleclick.net
127.0.0.1 ad.contentzone.com
127.0.0.1 ad.de.doubleclick.net
127.0.0.1 ad.doubleclick.com
127.0.0.1 ad.es.doubleclick.net
127.0.0.1 ad.fi.doubleclick.net
127.0.0.1 ad.fr.doubleclick.net
127.0.0.1 ad.it.doubleclick.net
127.0.0.1 ad.jp.doubleclick.net
127.0.0.1 ad.my.doubleclick.net
127.0.0.1 ad.nl.doubleclick.net
127.0.0.1 ad.no.doubleclick.net
127.0.0.1 ad.pt.doubleclick.net
127.0.0.1 ad.se.doubleclick.net
127.0.0.1 ad.sg.doubleclick.net
127.0.0.1 ad.sq.doubleclick.net
127.0.0.1 ad.uk.doubleclick.net
127.0.0.1 ad.us.doubleclick.net
127.0.0.1 ad1.doubleclick.net
127.0.0.1 ad2.doubleclick.net
127.0.0.1 ad3.doubleclick.net
127.0.0.1 adcenter1.netgravity.com
127.0.0.1 ADS-SECONDARY.doubleclick.net
127.0.0.1 ads.double-click.com
127.0.0.1 bay-sw-10.netgravity.com
127.0.0.1 bbn-gw.NYC1.doubleclick.net
127.0.0.1 caelum.netgravity.com
127.0.0.1 de1.doubleclick.net
127.0.0.1 demo.netgravity.com
127.0.0.1 double-click.com
127.0.0.1 doubleclick.com
127.0.0.1 doubleclick.net
127.0.0.1 draco.netgravity.com
127.0.0.1 dyson.netgravity.com
127.0.0.1 ecommerce.netgravity.com
127.0.0.1 engpptp.netgravity.com
127.0.0.1 enterprise.netgravity.com
127.0.0.1 exnjadgda1.doubleclick.net
127.0.0.1 exnjadgda2.doubleclick.net
127.0.0.1 exnjadgds1.doubleclick.net
127.0.0.1 exnjmdgda1.doubleclick.net
127.0.0.1 exnjmdgds1.doubleclick.net
127.0.0.1 exodus-gw.EWR1.doubleclick.net
127.0.0.1 fr1.doubleclick.net
127.0.0.1 ftp.netgravity.com
127.0.0.1 gatekeeper.netgravity.com
127.0.0.1 gd20.doubleclick.net
127.0.0.1 gd25.doubleclick.net
127.0.0.1 gd28.doubleclick.net
127.0.0.1 gd4.doubleclick.net
127.0.0.1 gravitychannel.netgravity.com
127.0.0.1 gravityhome.netgravity.com
127.0.0.1 home.netgravity.com
127.0.0.1 In.doubleclick.net
127.0.0.1 joinchannel.netgravity.com
127.0.0.1 jp.doubleclick.net
127.0.0.1 listserver.netgravity.com
127.0.0.1 ln.doubleclick.net
127.0.0.1 lon-router.netgravity.com
127.0.0.1 london.netgravity.com
127.0.0.1 lucian.netgravity.com
127.0.0.1 m.doubleclick.com
127.0.0.1 m.doubleclick.net
127.0.0.1 m2.doubleclick.net
127.0.0.1 MAILEXODUS.doubleclick.net
127.0.0.1 mdist.doubleclick.net
127.0.0.1 mplex-dfa.doubleclick.net
127.0.0.1 myhome.netgravity.com
127.0.0.1 nda.netgravity.com
127.0.0.1 netgravity.com
127.0.0.1 network-199-95-207-10.doubleclick.net
127.0.0.1 network-199-95-207-138.doubleclick.net
127.0.0.1 network-199-95-207-148.doubleclick.net
127.0.0.1 network-199-95-207-2.doubleclick.net
127.0.0.1 network-199-95-207-3.doubleclick.net
127.0.0.1 network-199-95-207-4.doubleclick.net
127.0.0.1 network-199-95-207-5.doubleclick.net
127.0.0.1 network-199-95-207-6.doubleclick.net
127.0.0.1 network-199-95-207-7.doubleclick.net
127.0.0.1 network-199-95-207-8.doubleclick.net
127.0.0.1 network-199-95-207-9.doubleclick.net
127.0.0.1 network-199-95-208-10.doubleclick.net
127.0.0.1 network-199-95-208-2.doubleclick.net
127.0.0.1 network-199-95-208-3.doubleclick.net
127.0.0.1 network-199-95-208-4.doubleclick.net
127.0.0.1 network-199-95-208-5.doubleclick.net
127.0.0.1 network-199-95-208-6.doubleclick.net
127.0.0.1 network-199-95-208-7.doubleclick.net
127.0.0.1 network-199-95-208-8.doubleclick.net
127.0.0.1 network-209-67-38-10.doubleclick.net
127.0.0.1 network-209-67-38-2.doubleclick.net
127.0.0.1 network-209-67-38-3.doubleclick.net
127.0.0.1 network-209-67-38-4.doubleclick.net
127.0.0.1 network-209-67-38-5.doubleclick.net
127.0.0.1 network-209-67-38-6.doubleclick.net
127.0.0.1 network-209-67-38-7.doubleclick.net
127.0.0.1 network-209-67-38-8.doubleclick.net
127.0.0.1 network-209-67-38-9.doubleclick.net
127.0.0.1 news.netgravity.com
127.0.0.1 ng-webserver.netgravity.com
127.0.0.1 nl.doubleclick.net
127.0.0.1 no.doubleclick.net
127.0.0.1 ns.doubleclick.net
127.0.0.1 ns1.doubleclick.net
127.0.0.1 ns2.doubleclick.net
127.0.0.1 ny-router.netgravity.com
127.0.0.1 ny.netgravity.com
127.0.0.1 phase2media.doubleclick.net
127.0.0.1 pptp-server.netgravity.com
127.0.0.1 pptp.netgravity.com
127.0.0.1 proxy.netgravity.com
127.0.0.1 rdbox.doubleclick.net
127.0.0.1 resolver.doubleclick.net
127.0.0.1 sanders.netgravity.com
127.0.0.1 se.doubleclick.net
127.0.0.1 se1.doubleclick.net
127.0.0.1 SITEPAGES.doubleclick.net
127.0.0.1 smhq-fe1-0.netgravity.com
127.0.0.1 sold.netgravity.com
127.0.0.1 suitespot.netgravity.com
127.0.0.1 support.netgravity.com
127.0.0.1 uk.doubleclick.net
127.0.0.1 uk1.doubleclick.net
127.0.0.1 us.doubleclick.net
127.0.0.1 uunet-gw.NYC1.doubleclick.net
127.0.0.1 uunyadgda1.doubleclick.net
127.0.0.1 uunyadgds1.doubleclick.net
127.0.0.1 3.netgravity.com
127.0.0.1 4.netgravity.com
127.0.0.1 zac.netgravity.com
127.0.0.1 ads1.speedbit.com
127.0.0.1 ads2.speedbit.com
127.0.0.1 ads3.speedbit.com
127.0.0.1 speedbit.com
127.0.0.1 54.conducent.com
127.0.0.1 addbtest.conducent.com
127.0.0.1 addbtest.timesink.com
127.0.0.1 addltest.conducent.com
127.0.0.1 addltest.timesink.com
127.0.0.1 adqa.conducent.com
127.0.0.1 contentalpha.conducent.com
127.0.0.1 contentqa.conducent.com
127.0.0.1 contents.conducent.com
127.0.0.1 contents1.conducent.com
127.0.0.1 contenttest.conducent.com
127.0.0.1 digisle.conducent.com
127.0.0.1 DNS1.CONDUCENT.COM
127.0.0.1 download.timesink.com
127.0.0.1 eroom.conducent.com
127.0.0.1 firewall.conducent.com
127.0.0.1 firewall.timesink.com
127.0.0.1 ftp.conducent.com
127.0.0.1 hermes.conducent.com
127.0.0.1 ip134.conducent.com
127.0.0.1 ip134.timesink.com
127.0.0.1 Jerry.conducent.com
127.0.0.1 mail.conducent.com
127.0.0.1 mail.timesink.com
127.0.0.1 nandbob.conducent.com
127.0.0.1 nid.conducent.com
127.0.0.1 nid.timesink.com
127.0.0.1 nidinternal.conducent.com
127.0.0.1 nidinternal.timesink.com
127.0.0.1 nidinternaltest.conducent.com
127.0.0.1 nidtest.conducent.com
127.0.0.1 nidtest.timesink.com
127.0.0.1 nt2.conducent.com
127.0.0.1 pop3.conducent.com
127.0.0.1 pop3.timesink.com
127.0.0.1 proxytest.conducent.com
127.0.0.1 pushv5.conducent.com
127.0.0.1 redirectqa.conducent.com
127.0.0.1 redirects.conducent.com
127.0.0.1 redirects.timesink.com
127.0.0.1 redirecttest.conducent.com
127.0.0.1 smtp.conducent.com
127.0.0.1 smtp.timesink.com
127.0.0.1 softwares.conducent.com
127.0.0.1 softwares.timesink.com
127.0.0.1 sterlinga.conducent.com
127.0.0.1 sterlingf.conducent.com
127.0.0.1 updates2.conducent.com
127.0.0.1 updatetest.conducent.com
127.0.0.1 warsport.timesink.com
127.0.0.1 conducent.com
127.0.0.1 test.conducent.com
127.0.0.1 test.timesink.com
127.0.0.1 zeus.conducent.com
127.0.0.1 zeus.timesink.com
127.0.0.1 bob.web3000.com
127.0.0.1 tasha.web3000.com
127.0.0.1 web3000.com
127.0.0.1 7.web3000.com
127.0.0.1 abbott.radiate.com
127.0.0.1 ad2-1.aureate.com
127.0.0.1 ad2-2.aureate.com
127.0.0.1 ad2-3.aureate.com
127.0.0.1 ad2-4.aureate.com
127.0.0.1 adam.radiate.com
127.0.0.1 adserv2-301-sjc2.radiate.com
127.0.0.1 adserv3-408-sjc2.radiate.com
127.0.0.1 adsoftware.com
127.0.0.1 aim.adsoftware.com
127.0.0.1 aim.aureate.com
127.0.0.1 aim1.adsoftware.com
127.0.0.1 aim1.aureate.com
127.0.0.1 aim2.adsoftware.com
127.0.0.1 aim2.aureate.com
127.0.0.1 aim3.adsoftware.com
127.0.0.1 aim3.aureate.com
127.0.0.1 aim4.adsoftware.com
127.0.0.1 aim4.aureate.com
127.0.0.1 aim5.adsoftware.com
127.0.0.1 aim5.aureate.com
127.0.0.1 aim6.adsoftware.com
127.0.0.1 alexander.aureate.com
127.0.0.1 ans-test.adsoftware.com
127.0.0.1 ans1.adsoftware.com
127.0.0.1 ans10.adsoftware.com
127.0.0.1 ans2.adsoftware.com
127.0.0.1 ans3.adsoftware.com
127.0.0.1 apc-pdu-1.aureate.com
127.0.0.1 apc-pdu-2.aureate.com
127.0.0.1 aristotle.aureate.com
127.0.0.1 ask-a-chick.com
127.0.0.1 aureate-colo-hp2424m.aureate.com
127.0.0.1 aureate-main-2611.aureate.com
127.0.0.1 aureate.com
127.0.0.1 aureatemedia.com
127.0.0.1 bach.aureate.com
127.0.0.1 bc-208-184-172-192.radiate.com
127.0.0.1 bigmama.radiate.com
127.0.0.1 binarybliss.com
127.0.0.1 bonnie2.radiate.com
127.0.0.1 brinks.radiate.com
127.0.0.1 brutus.radiate.com
127.0.0.1 caesar.aureate.com
127.0.0.1 confucius.aureate.com
127.0.0.1 constantine.aureate.com
127.0.0.1 cook.aureate.com
127.0.0.1 copernicus.aureate.com
127.0.0.1 corona.radiate.com
127.0.0.1 costello.radiate.com
127.0.0.1 curly.aureate.com
127.0.0.1 cyrus.aureate.com
127.0.0.1 deadmanwalking.radiate.com
127.0.0.1 dell.radiate.com
127.0.0.1 dillinger.aureate.com
127.0.0.1 dolphinsfootball.com
127.0.0.1 dosequis.radiate.com
127.0.0.1 download.binarybliss.com
127.0.0.1 foreigner.radiate.com
127.0.0.1 freud.aureate.com
127.0.0.1 ftp.gozilla.com
127.0.0.1 gameboy.aureate.com
127.0.0.1 gd1.radiate.com
127.0.0.1 gizmo.net
127.0.0.1 godzilla.radiate.com
127.0.0.1 gozilla.com
127.0.0.1 group-mail.com
127.0.0.1 gzs-6509.radiate.com
127.0.0.1 gzs-7206.radiate.com
127.0.0.1 gzs-ld.radiate.com
127.0.0.1 h-208-184-172-10.radiate.com
127.0.0.1 h-208-184-172-100.radiate.com
127.0.0.1 mm.delfinproject.com
127.0.0.1 www.mm.delfinproject.com
127.0.0.1 http://www.perfectedsecurity.com/
127.0.0.1 www.ad.yieldmanager.com
127.0.0.1 www.ads.vitalix.net
127.0.0.1 www.zedo.net
127.0.0.1 puritysweep.com
127.0.0.1 winantivirus.com
127.0.0.1 virusburst.com
127.0.0.1 spyaxe.com
127.0.0.1 pesttrap.com
127.0.0.1 bravesentry.com
127.0.0.1 unspypc.com
127.0.0.1 spywarequake.info
127.0.0.1 spyaxe.biz
127.0.0.1 razespyware.net
127.0.0.1 alfacleaner.com
127.0.0.1 virusblast.com
127.0.0.1 udefender.com
127.0.0.1 clickspring.net
127.0.0.1 antivirus-gold.com
127.0.0.1 psguard.com
127.0.0.1 antispywaresoldier.com
127.0.0.1 pestwiper.com
127.0.0.1 malwarewipe.com
127.0.0.1 winantispyware.com
127.0.0.1 ultimatecleaner.com
127.0.0.1 razespyware.com
127.0.0.1 winhound.com
127.0.0.1 spy-sheriff.com
127.0.0.1 winantispy.com
127.0.0.1 spysheriff.com
127.0.0.1 pest-wiper.com
127.0.0.1 winsoftware.com
127.0.0.1 spyfalcon.com
127.0.0.1 malwarewiped.com
127.0.0.1 spyaxe.net
127.0.0.1 purityscan.com
127.0.0.1 anti-virus-pro.com
127.0.0.1 spyspotter.com
127.0.0.1 spyshield.org
127.0.0.1 spyheal.com
127.0.0.1 antivirusgolden.com
127.0.0.1 antivermins.com
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» DNS
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
-
I need to you to review my previous instructions concerning:
AVG Anti-Spyware - 2nd Part
Please ensure that you run and post the results of the AVG scan, and your latest HJT log.
Tell us how your PC is now doing.
-
I showed no errors on the AVG results. Couldn't find file to post from AVG..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:03 AM, on 12/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\symantec\NORTON~1\NPROTECT.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Peter\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\Program Files\SpywareDetector\SDSystemTray.exe
D:\symantec\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\AdwareAlert\AdwareAlert.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csea rchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\USER\Application Data\Mozilla\Profiles\default\ymnyhaue.slt\prefs.j s)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Peter\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VAIO Recovery] "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Peter\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NSWosCheck] D:\symantec\osCheck.exe
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-21-4000810977-2127399207-3186221942-1005\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User '?')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User '?')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Peter\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Peter\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - D:\symantec\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - D:\symantec\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: ActiveGS.cab - http://www.virtualapple.com/activegs.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - https://www-secure.symantec.com/tech...rl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - https://www-secure.symantec.com/tech...rl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/tech...l/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} - http://zone.msn.com/bingame/pacz/def...andaonline.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/bingame/rock/def...caploader1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} - http://updates.lifescapeinc.com/inst...l/pinstall.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.motortopia.com/ImageUploa...eUploader3.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {BE1BDC4F-2AAC-494E-88B1-86B2EE4F2D6D} (CopySafe3 Control) - http://download.copysafe.net/Plugin/...d/Copysafe.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - http://www.live365.com/players/play365.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} - http://zone.msn.com/bingame/hsol/def...ebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} - http://www.zoomify.com/download/zoomify305.cab
O18 - Protocol: bw+0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {DC5F5529-5B4D-40AF-B3F5-DCD2E1CE012C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - D:\symantec\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: Speed Disk service - Symantec Corporation - D:\symantec\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
--
End of file - 26633 bytes
-
Let us see/review what is loaded on your PC:- Run HijackThis and Click Open the Misc Tools section button.
- Then click the Open Uninstall Manager… button.
- Click the Save list… button. Save uninstall_list to your desktop.
- Open the Uninstall list file and post in your next reply, please.
You ran AVG antivirus which is not what was requested. You now have two (2) real-time antivirus tools running at the same time - very undesirable and counterproductive to your PC. Please uninstall AVG antivirus and run AVG antispyware (a very different tool).
REBOOT and let us know how you PC is now behaving.
