Another "Hijack" log that needs checking THANKS

Two days ago I downloaded the latest version of cccleaner, I ran it and it took almost 11minutes to complete whereas it normally scans within 1-2 minutes. Since then some of my programs take forever to open (some like Nero..up to 3 minutes) so I uninstalled cccleaner but alas the problem still persists, so heres my log, Thanks in advance

Logfile of HijackThis v1.99.1
Scan saved at 9:40:59 AM, on 1/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe
c:\program files\internet explorer\iexplore.exe
C:\Documents and Settings\xxxx xxxx\Desktop\all my copying programs\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEENAU/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.69:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/bestfriends/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://mvt.mcafee.com/mvt/bin/3,0,0,0/mvt.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4784/mcfscan.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bw+0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: pptp16 - pptp16.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


I go to open NeroVision and I'm told it's already running, I cant close it for some reason

 

Hi gwendolin,

Looks like you got Haxdoor. Let's get rid of that.


Download [bold]haxfix.exe[/bold] from here
and save it to the desktop.

* Double click on [bold]haxfix.exe[/bold] to install it.
* Checkmark "[bold]Create a desktop icon[/bold]".
* Click "[bold]Next[/bold]".
* When the installation is completed, make sure that the checkmark "[bold]Launch HaxFix[/bold]" is placed.
* Click "[bold]Finish[/bold]".

A red "dos window" (dos box) will open with options:
1. Make logfile
2. Run auto fix
3. Run manual fix
E. Exit Haxfix

* Select [bold]option 2[/bold]. Run auto fix by typing 2 and then pressing Enter.
If an infection is found, you'll get a message to close all other open windows.
* Close all open windows except the red dos window from haxfix and then press [bold]Enter[/bold].
* The computer will reboot.
* After reboot a logfile will open > (c:\haxfix.txt)

Please post the contents of haxfix.txt and a new HijackThis log.

 

@Niobis, Good to see you back into the swing of things. I did as you mentioned...nothing was detected so here's the new log.
Why does the logitech thingo (Number 18) come up so often.

BTW, Re booted comp and finally got Nero to close


Logfile of HijackThis v1.99.1
Scan saved at 2:50:05 PM, on 1/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\internet explorer\iexplore.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\program files\internet explorer\iexplore.exe
C:\Documents and Settings\xxxx xxxx\Desktop\all my copying programs\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEENAU/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.69:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/bestfriends/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://mvt.mcafee.com/mvt/bin/3,0,0,0/mvt.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4784/mcfscan.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bw+0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: pptp16 - pptp16.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

 

It's all the plug-ins for Logitech. If you want, you can add them to the ignore list so HijackThis will not list them in the logs.


Haxdoor is still there and it's still showing as missing. That may be the reason Haxfix didn't detect it.

Fix this with HijackThis:
O20 - Winlogon Notify: pptp16 - pptp16.dll (file missing)

Restart your computer.

Go here to run [bold]ActiveScan[/bold].
Click "[bold]Panda ActiveScan[/bold].
Fill in the form with your information.
After downloading, click [bold]My Computer[/bold] to scan.
When it finishes, click "[bold]See Report[/bold]".
Click "[bold]Save report[/bold]" and save it to the desktop.

Post the ActiveScan log along with a new HijackThis log.

 

edited

 

Boy, talk about drama, I started scanning at 9am, it scanned for 2 hours before I had to go out, at that stage it showed 2Virus...1Disinfected
Hacking Tools 3...0 Disinfected

When I came home my comp had shut down so I ran another scan, strange the Virus nor the Hacking Tools came up in this one, heres the scan and the latest Hijack This log.
MANY thanks for your assistance!!

NewsFlash: I thought I'd run another scan before I went to bed, at the bottom there is a pic

Logfile of HijackThis v1.99.1
Scan saved at 9:31:15 PM, on 1/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\ynton\Desktop\all my copying programs\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEENAU/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.69:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/bestfriends/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://mvt.mcafee.com/mvt/bin/3,0,0,0/mvt.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4784/mcfscan.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bw+0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: pptp16 - pptp16.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

SCAN

ncident Status Location

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\ynton\Application Data\Mozilla\Firefox\Profiles\z3g3p4u9.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\ynton\Application Data\Mozilla\Firefox\Profiles\z3g3p4u9.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\ynton\Application Data\Mozilla\Firefox\Profiles\z3g3p4u9.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\ynton\Application Data\Mozilla\Firefox\Profiles\z3g3p4u9.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\ynton\Cookies\ynton@casalemedia[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\ynton\Cookies\ynton@tribalfusion[1].txt
Spyware:Spyware/New.net Not disinfected C:\Documents and Settings\ynton\Desktop\crap\AresGalaxyClassic.exe[NNWARZ3_88.exe]
Spyware:Spyware/New.net Not disinfected C:\Documents and Settings\ynton\Desktop\crap\CEDP-Stealer-Setup.exe[SHNT288.exe]
Adware:Adware/nCase Not disinfected C:\Documents and Settings\ynton\Desktop\crap\CEDP-Stealer-Setup.exe[saap.exe]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\ynton\Desktop\crap\CEDP-Stealer-Setup.exe[wh.exe]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\ynton\Desktop\crap\CEDP-Stealer-Setup.exe[wh.exe][whAgent.inf]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\ynton\Desktop\crap\CEDP-Stealer-Setup.exe[wh.exe][whAgent.exe]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\ynton\Desktop\crap\CEDP-Stealer-Setup.exe[wh.exe][whInstaller.exe]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\ynton\Desktop\crap\CEDP-Stealer-Setup.exe[wh.exe][whSurvey.exe]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\ynton\Desktop\crap\CEDP-Stealer-Setup.exe[wh.exe][webhdll.dll]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\ynton\Desktop\crap\CEDP-Stealer-Setup.exe[wh.exe][whiehlpr.dll]
Spyware:Cookie/Mysearch Not disinfected C:\Documents and Settings\LocalService\Cookies\system@mysearch[2].txt
Adware:Adware/SaveNow Not disinfected C:\Program Files\MyEmoticons\My.Emo
Adware:Adware/SaveNow Not disinfected C:\Program Files\MyEmoticons\uninstall.exe
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\system32\xmltok.dll
So much for McAfee RUBBISH

BTW: This scan took 6hours 10 minutes, is that normal



Heres the report on Virus and Hacking Tools

Hacktool:hacktool/rootkit.d Not disinfected c:\windows\system32\klo5.sys
Virus:bck/haxdoor.a Not disinfected Operating system
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44cf-8957-5838F569A31D}
Potentially unwanted tool:application/zango Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}

Just did a Spybot scan, heres the results

 

Okay, I don't know why Haxfix did not find anything when Haxdoor is clearly present on your computer.

No, but it does depend on the size of your hard drive(s).

Fix this with HjT:
O20 - Winlogon Notify: pptp16 - pptp16.dll (file missing)

Locate and delete these(if there):
C:\WINDOWS\System32\klo5.sys
C:\Documents and Settings\ynton\Desktop\crap\AresGalaxyClassic.exe
C:\Documents and Settings\ynton\Desktop\crap\CEDP-Stealer-Setup.exe
C:\Program Files\MyEmoticons\My.Emo
C:\Program Files\MyEmoticons\uninstall.exe
C:\WINDOWS\system32\xmltok.dll


Copy the following [bold]bold[/bold] text into Notepad.

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44cf-8957-5838F569A31D}]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}]

Make sure there are no blank lines before REGEDIT4.
Name the file [bold]Fix.reg[/bold]
Change the "Save as Type" to [bold]All Files[/bold] and save it on the desktop.
Open the Fix.reg file and click Yes when prompted to merge.

Restart.

Download Rootkit Revealer from here.
Create a new folder, named RKR, in C:\
Extract the files to the new folder.
Open RootkitRevealer.exe.
Close all other windows and click "Scan".
Important: Leave the computer idle while the scan runs.
When the scan is finished, click File > Save... to save the text file to the C:\RKR\ folder.
Please post the log in your next reply.


Edit: Hope I caught my error in time.

 

I dont know if I've done it correctly or not, I ran the RKR scan and it came up with 5 Discrepencies found, I am trying to save it to c:\RKR\folder but the "hour Glass" is just sitting there and has been for at least 10 minutes.

I assume that this is the log you require (the discrepencies)

Probably not, what was it??

I am getting really pi##ed, it wont let me save it, I've run the scan 5 times

This is the best I can do, a photo image.

 

That's fine. A picture is just as good, thank you.

I'm concerned about the last entry. It should not be there.
Locate and delete the folder: Temporary Internet Files/Content.IE5/XG9YK4YU
If access is denied, delete it in safe mode.

I hadn't added the "[-]" to the reg fix. I think I caught it in time.

Post a new HjT log after deleting the folder.

 

I did a search and couldnt locate it,
Need a bit of help on this one, how do I locate it... heres the latest log

Logfile of HijackThis v1.99.1
Scan saved at 8:09:06 AM, on 1/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
c:\program files\internet explorer\iexplore.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\ynton\Desktop\all my copying programs\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEENAU/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.69:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/bestfriends/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://mvt.mcafee.com/mvt/bin/3,0,0,0/mvt.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4784/mcfscan.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bw+0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: A - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ANTHEA~1\LOCALS~1\Temp\A.exe
O23 - Service: FDEAD - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ANTHEA~1\LOCALS~1\Temp\FDEAD.exe
O23 - Service: HCYDUW - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ANTHEA~1\LOCALS~1\Temp\HCYDUW.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: MRGQAGOIBKPOO - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ANTHEA~1\LOCALS~1\Temp\MRGQAGOIBKPOO.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVL - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ANTHEA~1\LOCALS~1\Temp\NVL.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NZA - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ANTHEA~1\LOCALS~1\Temp\NZA.exe
O23 - Service: SBLQRQHCR - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ANTHEA~1\LOCALS~1\Temp\SBLQRQHCR.exe
O23 - Service: SEZAMWJ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ANTHEA~1\LOCALS~1\Temp\SEZAMWJ.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: UH - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ANTHEA~1\LOCALS~1\Temp\UH.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

 

Wow, Haxdoor is gone now, but look at all the new entires. *sigh*


Go here and download [bold]ATF Cleaner[/bold]. You'll use it later.

Then, go to Start > Run > type services.msc
Locate and double-click each of these:
A
FDEAD
HCYDUW
MRGQAGOIBKPOO
NVL
NZA
SBLQRQHCR
SEZAMWJ
UH
Beside "Startup type" click the drop down menu and select "Disabled" for each.
Close Services.

Open HijackThis.
Click "Open the misc tools section"
Click "Delete an NT service".
Copy/Paste each of these one at a time and click OK.
You will be prompted to restart after each, click NO all times.
O23 - Service: A - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ANTHEA~1\LOCALS~1\Temp\A.exe
O23 - Service: FDEAD - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ANTHEA~1\LOCALS~1\Temp\FDEAD.exe
O23 - Service: HCYDUW - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ANTHEA~1\LOCALS~1\Temp\HCYDUW.exe
O23 - Service: MRGQAGOIBKPOO - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ANTHEA~1\LOCALS~1\Temp\MRGQAGOIBKPOO.exe
O23 - Service: NVL - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ANTHEA~1\LOCALS~1\Temp\NVL.exe
O23 - Service: SBLQRQHCR - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ANTHEA~1\LOCALS~1\Temp\SBLQRQHCR.exe
O23 - Service: SEZAMWJ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ANTHEA~1\LOCALS~1\Temp\SEZAMWJ.exe
O23 - Service: UH - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ANTHEA~1\LOCALS~1\Temp\UH.exe
Close HijackThis.

Open ATF Cleaner.
Check "Select All".
Click "Empty Selected".

Restart.

Hopefully, this online scan will not take as long. If it is taking longer than 3-4 hours just cancel it.

Go here to run [bold]Kaspersky Online Scanner[/bold].
After downloading, click "[bold]My Computer[/bold]" to scan.
After scanning, click "[bold]Save report as[/bold]".
Save as a text file on the desktop.

Post the Kaspersky log and a new HjT log. Also, are things getting better? Notice any differences?

 

When you say this

Do you mean the ones highlighted in BOLD (the ones starting with 023)

 

Yes, and one at a time.

 

Thats what I thought, only one it found was the FDEAD , I'm running the kaspersky scan now, 70% complete, will be back to you shortly.

Scan now complete..Results..no malaware found, heres the log



Critical Areas
scan critical areas of your hard disks
specified in %windir% and %tmp% system variables
My Computer
scan all your hard and mapped disks
My Email
scan all your hard and mapped disks only for the following extensions: *.PST; *.MSG; *.OST; *.MDB; *.DBX; *.EML; *.MBS
Folders...
scan selected folders
A File...
scan a one file





Friday, January 05, 2007 1:43:31 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 5/01/2007
Kaspersky Anti-Virus database records: 241776


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 114178
Number of viruses found 0
Number of infected objects 0 / 0
Number of suspicious objects 0
Duration of the scan process 02:12:09

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Logs\Filtering.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd002.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\OASLogs\OAS.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\ynton\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped

C:\Documents and Settings\ynton\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\ynton\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped

C:\Documents and Settings\ynton\Local Settings\Application Data\Ahead\Nero Home\bl.db-journal Object is locked skipped

C:\Documents and Settings\ynton\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped

C:\Documents and Settings\ynton\Local Settings\Application Data\Ahead\Nero Home\is2.db-journal Object is locked skipped

C:\Documents and Settings\ynton\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped

C:\Documents and Settings\ynton\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\ynton\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\ynton\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\ynton\Local Settings\History\History.IE5\MSHist012007010520070106\index.dat Object is locked skipped

C:\Documents and Settings\ynton\Local Settings\Temp\hsperfdata_\ynton\128 Object is locked skipped

C:\Documents and Settings\ynton\Local Settings\Temp\~DF4E7D.tmp Object is locked skipped

C:\Documents and Settings\ynton\Local Settings\Temp\~DF91D.tmp Object is locked skipped

C:\Documents and Settings\ynton\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\ynton\My Documents\Nero Documents.doc Object is locked skipped

C:\Documents and Settings\ynton\ntuser.dat Object is locked skipped

C:\Documents and Settings\ynton\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{627C3B14-9681-4A7C-BEEA-16C412876161}\RP474\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\Program files\Incomplete\T-732837888-Hustle and Flow CD2.avi Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed

Heres the latest hijack log.

Logfile of HijackThis v1.99.1
Scan saved at 1:56:58 PM, on 1/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
c:\program files\internet explorer\iexplore.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\ynton\Desktop\all my copying programs\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEENAU/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.69:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/bestfriends/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://mvt.mcafee.com/mvt/bin/3,0,0,0/mvt.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4784/mcfscan.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bw+0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Every time I do a Spybot scan this comes up, I fix it and it still keeps coming back

 

I am currently running another ActiveScan, and here's the results after 1 hour on...little buggers are still there.

 

Okay, let the ActiveScan finish, 'cause we'll need the log. Please post it when you can.

 

This is REALLY giving me the "Shites" because when I opened this page somehow it appeared in the window where the Active scan was, all I had in that window was part of the AD page, there was NO way I could recover the scan so I had to close it....it was going for 3+hours too. I uninstalled McAfee (worthless piece of Sh#t), installed AVG...and currently running that scan.

The shot I did take of the scan virtually showed the same, at that stage as yesterday....I'm sick of seeing my "hour glass".

AVG showed nothing so I am now commencing Activescan again, should take about 4-6 hours, will post results.

 

Heres a pic of final scan and report..also latest hijack log
Note: When it had scanned exactly 400 files, it paused at a file named Todo Mi PC and 1 Virus and 1 hacking tools and rootkit showed up and then later the rest appeared.



I dont know if this means anything but when I go to shut down the comp each one of these appear and I have to click end now

End Program: CDIRECTORY-Change watcher Held Wi and
End Program: NMINDEX Store SVR

Scan Report

Virus:bck/haxdoor.a Not disinfected Operating system
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44cf-8957-5838F569A31D}
Potentially unwanted tool:application/zango Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}
Spyware:spyware/new.net Not disinfected Windows Registry
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\ton\Application Data\Mozilla\Firefox\Profiles\z3g3p4u9.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\nton\Application Data\Mozilla\Firefox\Profiles\z3g3p4u9.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\nton\Cookies\nton@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\nton\Cookies\nton@ad.yieldmanager[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\nton\Cookies\nton@burstnet[1].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\nton\Cookies\nton@cdfreaks[2].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\nton\Cookies\nton@club.cdfreaks[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\nton\Cookies\nton@tribalfusion[1].txt
Spyware:Spyware/New.net Not disinfected C:\Documents and Settings\nton\Desktop\crap\AresGalaxyClassic.exe[NNWARZ3_88.exe]
Spyware:Spyware/New.net Not disinfected C:\Documents and Settings\nton\Desktop\crap\CEDP-Stealer-Setup.exe[SHNT288.exe]
Adware:Adware/nCase Not disinfected C:\Documents and Settings\nton\Desktop\crap\CEDP-Stealer-Setup.exe[saap.exe]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\nton\Desktop\crap\CEDP-Stealer-Setup.exe[wh.exe]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\nton\Desktop\crap\CEDP-Stealer-Setup.exe[wh.exe][whAgent.inf]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\nton\Desktop\crap\CEDP-Stealer-Setup.exe[wh.exe][whAgent.exe]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\nton\Desktop\crap\CEDP-Stealer-Setup.exe[wh.exe][whInstaller.exe]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\nton\Desktop\crap\CEDP-Stealer-Setup.exe[wh.exe][whSurvey.exe]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\nton\Desktop\crap\CEDP-Stealer-Setup.exe[wh.exe][webhdll.dll]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\nton\Desktop\crap\CEDP-Stealer-Setup.exe[wh.exe][whiehlpr.dll]
Spyware:Cookie/Mysearch Not disinfected C:\Documents and Settings\LocalService\Cookies\system@mysearch[2].txt
Adware:Adware/SaveNow Not disinfected C:\Program Files\MyEmoticons\My.Emo
Adware:Adware/SaveNow Not disinfected C:\Program Files\MyEmoticons\uninstall.exe
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\system32\xmltok.dll



Logfile of HijackThis v1.99.1
Scan saved at 6:24:08 PM, on 1/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
c:\program files\internet explorer\iexplore.exe
C:\Documents and Settings\nton\Desktop\all my copying programs\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEENAU/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.69:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/bestfriends/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://mvt.mcafee.com/mvt/bin/3,0,0,0/mvt.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4784/mcfscan.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bw+0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {6C26BC7B-1D63-4DEA-A8D6-64507DD1A831} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

 

Haxdoor is still present. Make sure you've got the latest version of Haxfix(4.34) and run Option 1. Post the log it produces, please.

 

Heres the log created...I mistakenly hit option 2 first.

HAXFIX logfile - by Marckie

version 4.34
Sun 01/07/2007 11:03:37.37

--- Checking for Haxdoor ---

checking for a3d files
a3d files found
ps.a3d
redir2.a3d

checking for matching notify keys
no matching notify keys found

checking for matching services
matching services found
pptp16
pptp24

checking for matching safeboot services
matching safeboot services found
pptp16.sys
pptp24.sys

checking for other Haxdoor-files
no other Haxdoor-files found


--- Checking for Goldun ---


checking for SSODL keys
no ssodl keys found

checking for notify keys
no notify keys found

checking for services
no services found

checking for other Goldun-files
no other Goldun-files found


Finished!

I just did another ActiveScan on first 400 files, here the log


Incident Status Location

Hacktool:hacktool/rootkit.d Not disinfected c:\windows\system32\klo5.sys
Virus:bck/haxdoor.a Not disinfected Operating system
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44cf-8957-5838F569A31D}
Potentially unwanted tool:application/zango Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}
Spyware:spyware/new.net Not disinfected Windows Registry