For about a week now I have been getting virus and spyware alerts from Norton and CounterSpy. Most of them have been for WinFixer and WinAntiSpy though there have been a few more. These programs always say that they have resolved the issue but the problems persist. The problem: My browser keeps getting hijacked and re-routed to webpages about spyware tools, antivirus tools, and advertising pages. I have run CounterSpy, Norton, XoftSpySE, Ad-Aware Pro, Microsofts Malicious Software Removal Tool, and HiJack This. I humbly request that someone more knowledgeble than myself look over my HJT log and my Ad-Aware log and see if you can help me. HJT Log: Logfile of HijackThis v1.99.1 Scan saved at 7:32:52 AM, on 10/19/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Program Files\BitComet\BitComet.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\CarpeNocturnal\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/ R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: localhost 127.0.0.1 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Program\ereg.exe" -r "C:\Program Files\Nuance\NaturallySpeaking9\Program\ereg.ini" O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [dmbru.exe] C:\WINDOWS\system32\dmbru.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Global Startup: BlueSoleil.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{1686E339-51BC-494E-A870-AD5D75B89514}: NameServer = 85.255.115.34,85.255.112.112 O17 - HKLM\System\CCS\Services\Tcpip\..\{38E78F81-74BC-4879-A1C3-1307078EFD5C}: NameServer = 85.255.115.34,85.255.112.112 O17 - HKLM\System\CCS\Services\Tcpip\..\{7000BAE8-8C4A-4AEF-84F3-F161AC1182BA}: NameServer = 85.255.115.34,85.255.112.112 O17 - HKLM\System\CCS\Services\Tcpip\..\{97CF1EDD-06EE-4568-A951-F55B699F7EAB}: NameServer = 85.255.115.34,85.255.112.112 O17 - HKLM\System\CCS\Services\Tcpip\..\{E83B9D7A-976D-4D3D-9A64-A57E6F7FC952}: NameServer = 85.255.115.34,85.255.112.112 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.112 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.112 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.112 O18 - Protocol: bw+0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: offline-8876480 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - AppInit_DLLs: O20 - Winlogon Notify: winpto32 - winpto32.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Ad-Aware Log: Ad-Aware SE Build 1.06r1 Logfile Created on:Wednesday, October 18, 2006 8:50:01 PM Using definitions file:SE1R127 17.10.2006 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» MRU List(TAC index:0):40 total references Possible Browser Hijack attempt(TAC index:3):4 total references Tracking Cookie(TAC index:3):16 total references Windows(TAC index:3):1 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan within archives Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Ignore spanned files when scanning cab archives Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Block pop-ups aggressively Set : Automatically select problematic objects in results lists Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Show splash screen Set : Backup current definitions file before updating Set : Play sound at scan completion if scan locates critical objects 10-18-2006 8:50:01 PM - Scan started. (Full System Scan) MRU List Object Recognized! Location: : C:\Documents and Settings\CarpeNocturnal\Application Data\microsoft\office\recent Description : list of recently opened documents using microsoft office MRU List Object Recognized! Location: : C:\Documents and Settings\CarpeNocturnal\recent Description : list of recently opened documents MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : S-1-5-21-1202660629-1214440339-725345543-1003\software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : S-1-5-21-1202660629-1214440339-725345543-1003\software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : S-1-5-21-1202660629-1214440339-725345543-1003\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-1202660629-1214440339-725345543-1003\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-1202660629-1214440339-725345543-1003\software\microsoft\frontpage\explorer\frontpage explorer\recent file list Description : list of recently used files in microsoft frontpage MRU List Object Recognized! Location: : S-1-5-21-1202660629-1214440339-725345543-1003\software\microsoft\frontpage\explorer\frontpage explorer\recent page list Description : list of recently used pages in microsoft frontpage MRU List Object Recognized! Location: : S-1-5-21-1202660629-1214440339-725345543-1003\software\microsoft\frontpage\explorer\frontpage explorer\recent web list Description : list of recently used webs in microsoft frontpage MRU List Object Recognized! Location: : S-1-5-21-1202660629-1214440339-725345543-1003\software\microsoft\internet explorer Description : last download directory used in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-1202660629-1214440339-725345543-1003\software\microsoft\internet explorer\typedurls Description : list of recently entered addresses in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-1202660629-1214440339-725345543-1003\software\microsoft\mediaplayer\medialibraryui Description : last selected node in the microsoft windows media player media library MRU List Object Recognized! Location: : S-1-5-21-1202660629-1214440339-725345543-1003\software\microsoft\mediaplayer\player\recentfilelist Description : list of recently used files in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1202660629-1214440339-725345543-1003\software\microsoft\mediaplayer\preferences Description : last playlist index loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1202660629-1214440339-725345543-1003\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1202660629-1214440339-725345543-1003\software\microsoft\microsoft management console\recent file list Description : list of recent snap-ins used in the microsoft management console MRU List Object Recognized! Location: : S-1-5-21-1202660629-1214440339-725345543-1003\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru Description : list of recent documents saved by microsoft word MRU List Object Recognized! Location: : S-1-5-21-1202660629-1214440339-725345543-1003\software\microsoft\search assistant\acmru Description : list of recent search terms used with the search assistant MRU List Object Recognized! Location: : S-1-5-21-1202660629-1214440339-725345543-1003\software\microsoft\windows\currentversion\applets\paint\recent file list Description : list of files recently opened using microsoft paint MRU List Object Recognized! Location: : S-1-5-21-1202660629-1214440339-725345543-1003\software\microsoft\windows\currentversion\applets\regedit Description : last key accessed using the microsoft registry editor MRU List Object Recognized! Location: : S-1-5-21-1202660629-1214440339-725345543-1003\software\microsoft\windows\currentversion\applets\wordpad\recent file list Description : list of recent files opened using wordpad MRU List Object Recognized! Location: : S-1-5-21-1202660629-1214440339-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-21-1202660629-1214440339-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : S-1-5-21-1202660629-1214440339-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened MRU List Object Recognized! Location: : S-1-5-21-1202660629-1214440339-725345543-1003\software\microsoft\windows\currentversion\explorer\runmru Description : mru list for items opened in start | run MRU List Object Recognized! Location: : S-1-5-21-1202660629-1214440339-725345543-1003\software\nvidia corporation\global\nview\windowmanagement Description : nvidia nview cached application window positions MRU List Object Recognized! Location: : S-1-5-21-1202660629-1214440339-725345543-1003\software\realnetworks\realplayer\6.0\preferences Description : list of recent skins in realplayer MRU List Object Recognized! Location: : S-1-5-21-1202660629-1214440339-725345543-1003\software\realnetworks\realplayer\6.0\preferences Description : list of recent clips in realplayer MRU List Object Recognized! Location: : S-1-5-21-1202660629-1214440339-725345543-1003\software\realnetworks\realplayer\6.0\preferences Description : last login time in realplayer MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-21-1202660629-1214440339-725345543-1003\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-21-1202660629-1214440339-725345543-1003\software\winrar\dialogedithistory\extrpath Description : winrar "extract-to" history Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 684 ThreadCreationTime : 10-18-2006 4:16:04 AM BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 740 ThreadCreationTime : 10-18-2006 4:16:07 AM BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 784 ThreadCreationTime : 10-18-2006 4:16:13 AM BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 836 ThreadCreationTime : 10-18-2006 4:16:14 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 848 ThreadCreationTime : 10-18-2006 4:16:14 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1076 ThreadCreationTime : 10-18-2006 4:16:33 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1144 ThreadCreationTime : 10-18-2006 4:16:34 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1256 ThreadCreationTime : 10-18-2006 4:16:35 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1372 ThreadCreationTime : 10-18-2006 4:16:36 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1460 ThreadCreationTime : 10-18-2006 4:16:36 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:11 [ccsetmgr.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ProcessID : 1572 ThreadCreationTime : 10-18-2006 4:16:37 AM BasePriority : Normal FileVersion : 104.0.8.3 ProductVersion : 104.0.8.3 ProductName : Client and Host Security Platform CompanyName : Symantec Corporation FileDescription : Symantec Settings Manager Service InternalName : ccSetMgr LegalCopyright : Copyright (c) 2000-2005 Symantec Corporation. All rights reserved. OriginalFilename : ccSetMgr.exe #:12 [ccevtmgr.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ProcessID : 1604 ThreadCreationTime : 10-18-2006 4:16:38 AM BasePriority : Normal FileVersion : 104.0.8.3 ProductVersion : 104.0.8.3 ProductName : Client and Host Security Platform CompanyName : Symantec Corporation FileDescription : Symantec Event Manager Service InternalName : ccEvtMgr LegalCopyright : Copyright (c) 2000-2005 Symantec Corporation. All rights reserved. OriginalFilename : ccEvtMgr.exe #:13 [sndsrvc.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ProcessID : 1984 ThreadCreationTime : 10-18-2006 4:16:45 AM BasePriority : Normal FileVersion : 6.0.4.402 ProductVersion : 6.0 ProductName : Symantec Security Drivers CompanyName : Symantec Corporation FileDescription : Network Driver Service InternalName : SndSrvc LegalCopyright : Copyright 2002 - 2006 Symantec Corporation OriginalFilename : SndSrvc.exe #:14 [spbbcsvc.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\SPBBC\ ProcessID : 228 ThreadCreationTime : 10-18-2006 4:16:47 AM BasePriority : Normal FileVersion : 2.1.0.4 ProductVersion : 2.1.0.4 ProductName : SPBBC CompanyName : Symantec Corporation FileDescription : SPBBC Service InternalName : SPBBCSvc LegalCopyright : Copyright (c) 2004, 2005 Symantec Corporation. All rights reserved. OriginalFilename : SPBBCSvc.exe #:15 [symlcsvc.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\ ProcessID : 304 ThreadCreationTime : 10-18-2006 4:16:47 AM BasePriority : Normal FileVersion : 1.9.1.762 ProductVersion : 1.9.1.762 ProductName : Symantec Core Component CompanyName : Symantec Corporation FileDescription : Symantec Core Component InternalName : symlcsvc LegalCopyright : Copyright (C) 2003 OriginalFilename : symlcsvc.exe #:16 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 296 ThreadCreationTime : 10-18-2006 4:16:48 AM BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER.EXE #:17 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 480 ThreadCreationTime : 10-18-2006 4:16:52 AM BasePriority : Normal FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) ProductVersion : 5.1.2600.2696 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:18 [aluschedulersvc.exe] FilePath : C:\Program Files\Symantec\LiveUpdate\ ProcessID : 400 ThreadCreationTime : 10-18-2006 4:16:59 AM BasePriority : Normal FileVersion : 3.0.0.166 ProductVersion : 3.0.0.166 ProductName : LiveUpdate CompanyName : Symantec Corporation FileDescription : Automatic LiveUpdate Scheduler Service InternalName : Automatic LiveUpdate Scheduler Service LegalCopyright : Copyright © 1996-2005 Symantec Corporation OriginalFilename : ALUSchedulerSvc.exe #:19 [btntservice.exe] FilePath : C:\Program Files\IVT Corporation\BlueSoleil\ ProcessID : 200 ThreadCreationTime : 10-18-2006 4:17:00 AM BasePriority : High #:20 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1200 ThreadCreationTime : 10-18-2006 4:17:01 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:21 [mdm.exe] FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\ ProcessID : 1136 ThreadCreationTime : 10-18-2006 4:17:01 AM BasePriority : Normal FileVersion : 7.00.9466 ProductVersion : 7.00.9466 ProductName : Microsoft® Visual Studio .NET CompanyName : Microsoft Corporation FileDescription : Machine Debug Manager InternalName : mdm.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : mdm.exe #:22 [navapsvc.exe] FilePath : C:\Program Files\Norton AntiVirus\ ProcessID : 1340 ThreadCreationTime : 10-18-2006 4:17:01 AM BasePriority : Normal FileVersion : 12.2.0.13 ProductVersion : 12.2.0 ProductName : Norton AntiVirus CompanyName : Symantec Corporation FileDescription : Norton AntiVirus Auto-Protect Service InternalName : NAVAPSVC LegalCopyright : Norton AntiVirus 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved. OriginalFilename : NAVAPSVC.EXE #:23 [npfmntor.exe] FilePath : C:\Program Files\Norton AntiVirus\IWP\ ProcessID : 1536 ThreadCreationTime : 10-18-2006 4:17:04 AM BasePriority : Normal FileVersion : 12.2.0.13 ProductVersion : 12.2.0 ProductName : Norton AntiVirus CompanyName : Symantec Corporation FileDescription : Norton AntiVirus Firewall Install Monitor InternalName : NPFMonitor LegalCopyright : Norton AntiVirus 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved. OriginalFilename : NPFMonitor.EXE #:24 [nvsvc32.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1020 ThreadCreationTime : 10-18-2006 4:17:05 AM BasePriority : Normal FileVersion : 6.14.10.9131 ProductVersion : 6.14.10.9131 ProductName : NVIDIA Driver Helper Service, Version 91.31 CompanyName : NVIDIA Corporation FileDescription : NVIDIA Driver Helper Service, Version 91.31 InternalName : NVSVC LegalCopyright : (C) NVIDIA Corporation. All rights reserved. OriginalFilename : nvsvc32.exe #:25 [hpzipm12.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1656 ThreadCreationTime : 10-18-2006 4:17:06 AM BasePriority : Normal FileVersion : 10, 1, 1, 2 ProductVersion : 10, 1, 1, 2 ProductName : HP PML CompanyName : HP FileDescription : PML Driver InternalName : PmlDrv LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company OriginalFilename : PmlDrv.exe #:26 [sunthreatengine.exe] FilePath : C:\Program Files\Sunbelt Software\CounterSpy\Consumer\ ProcessID : 1664 ThreadCreationTime : 10-18-2006 4:17:06 AM BasePriority : Normal FileVersion : 1.02.0097 ProductVersion : 1.02.0097 ProductName : CounterSpy CompanyName : Sunbelt Software FileDescription : CounterSpy Threat Audit Engine InternalName : sunThreatEngine LegalCopyright : Copyright © 2002-2005 Sunbelt Software. All rights reserved. OriginalFilename : sunThreatEngine.exe #:27 [starwindservice.exe] FilePath : C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\ ProcessID : 1724 ThreadCreationTime : 10-18-2006 4:17:07 AM BasePriority : Normal FileVersion : 2.6.1 Build 0x20050401 ProductVersion : 2.6.1 Build 0x20050401 ProductName : StarWind CompanyName : Rocket Division Software FileDescription : StarWind iSCSI Target (Alcohol Edition) InternalName : StarWind LegalCopyright : Copyright (c) Rocket Division Software 2003-2005. All rights reserved. OriginalFilename : StarWind #:28 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1736 ThreadCreationTime : 10-18-2006 4:17:07 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:29 [wdfmgr.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1800 ThreadCreationTime : 10-18-2006 4:17:14 AM BasePriority : Normal FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act) ProductVersion : 5.2.3790.1230 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows User Mode Driver Manager InternalName : WdfMgr LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : WdfMgr.exe #:30 [sunprotectionserver.exe] FilePath : C:\Program Files\Sunbelt Software\CounterSpy\Consumer\ ProcessID : 2476 ThreadCreationTime : 10-18-2006 4:17:59 AM BasePriority : Normal FileVersion : 1.02.0097 ProductVersion : 1.02.0097 ProductName : CounterSpy CompanyName : Sunbelt Software FileDescription : CounterSpy Active Protection InternalName : SunProtectionServer LegalCopyright : Copyright © 2002-2005 Sunbelt Software. All rights reserved. OriginalFilename : SunProtectionServer.exe #:31 [ccapp.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ProcessID : 2500 ThreadCreationTime : 10-18-2006 4:18:00 AM BasePriority : Normal FileVersion : 104.0.8.3 ProductVersion : 104.0.8.3 ProductName : Client and Host Security Platform CompanyName : Symantec Corporation FileDescription : Symantec User Session InternalName : ccApp LegalCopyright : Copyright (c) 2000-2005 Symantec Corporation. All rights reserved. OriginalFilename : ccApp.exe #:32 [pwrisovm.exe] FilePath : C:\Program Files\PowerISO\ ProcessID : 2568 ThreadCreationTime : 10-18-2006 4:18:02 AM BasePriority : Normal #:33 [rundll32.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2768 ThreadCreationTime : 10-18-2006 4:18:12 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Run a DLL as an App InternalName : rundll LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : RUNDLL.EXE #:34 [launch~1.exe] FilePath : C:\PROGRA~1\Nokia\NOKIAP~1\ ProcessID : 2812 ThreadCreationTime : 10-18-2006 4:18:16 AM BasePriority : Normal #:35 [sunserver.exe] FilePath : C:\Program Files\Sunbelt Software\CounterSpy\Consumer\ ProcessID : 2904 ThreadCreationTime : 10-18-2006 4:18:19 AM BasePriority : Normal FileVersion : 1.05.0082 ProductVersion : 1.05.0082 ProductName : CounterSpy CompanyName : Sunbelt Software InternalName : SunServer LegalCopyright : Copyright © 2002-2005 Sunbelt Software. All rights reserved. OriginalFilename : SunServer.exe #:36 [issch.exe] FilePath : C:\Program Files\Common Files\InstallShield\UpdateService\ ProcessID : 2996 ThreadCreationTime : 10-18-2006 4:18:29 AM BasePriority : Normal FileVersion : 4, 10, 100, 25539 ProductVersion : 4, 10 ProductName : InstallShield Update Service CompanyName : InstallShield Software Corporation FileDescription : InstallShield Update Service Scheduler InternalName : Scheduler LegalCopyright : Copyright (C) 1990-2004 InstallShield Software Corporation OriginalFilename : issch.exe #:37 [ctfmon.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 3020 ThreadCreationTime : 10-18-2006 4:18:31 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : CTF Loader InternalName : CTFMON LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : CTFMON.EXE #:38 [skype.exe] FilePath : C:\Program Files\Skype\Phone\ ProcessID : 3352 ThreadCreationTime : 10-18-2006 4:18:51 AM BasePriority : Normal #:39 [pcsync2.exe] FilePath : C:\Program Files\Nokia\Nokia PC Suite 6\ ProcessID : 3508 ThreadCreationTime : 10-18-2006 4:18:59 AM BasePriority : Normal FileVersion : 2.00 (506) ProductVersion : 2.00 ProductName : PC Sync CompanyName : Time Information Services Ltd. FileDescription : PC Sync InternalName : PcSync2 LegalCopyright : Copyright © Time I.S. Ltd. 2002 - 2006 OriginalFilename : PcSync2.EXE #:40 [servicelayer.exe] FilePath : C:\Program Files\Common Files\PCSuite\Services\ ProcessID : 3536 ThreadCreationTime : 10-18-2006 4:19:02 AM BasePriority : Normal FileVersion : 6, 81, 60, 0 ProductVersion : 6.0 ProductName : PC Connectivity Solution CompanyName : Nokia. FileDescription : ServiceLayer Module InternalName : ServiceLayer LegalCopyright : Copyright © 2002-2006 Nokia. All Rights Reserved. OriginalFilename : ServiceLayer.exe #:41 [bluesoleil.exe] FilePath : C:\Program Files\IVT Corporation\BlueSoleil\ ProcessID : 3864 ThreadCreationTime : 10-18-2006 4:19:39 AM BasePriority : High FileVersion : 1, 6, 1, 0 ProductVersion : 1, 6, 1, 0 ProductName : BlueSoleil CompanyName : IVT Corporation FileDescription : Bluetooth Application InternalName : BlueSoleil LegalCopyright : Copyright (C) 2000-2004 LegalTrademarks : BlueSoleil OriginalFilename : BlueSol.exe #:42 [hpqtra08.exe] FilePath : C:\Program Files\HP\Digital Imaging\bin\ ProcessID : 3924 ThreadCreationTime : 10-18-2006 4:19:47 AM BasePriority : Normal FileVersion : 61.0.163.000 ProductVersion : 061.000.163.000 ProductName : hp digital imaging CompanyName : Hewlett-Packard Development Company, L.P. FileDescription : HP Digital Imaging Monitor InternalName : HPQTRA00 LegalCopyright : Copyright (C) Hewlett-Packard Development Company, L.P. 1995-2005 OriginalFilename : HPQTRA00.EXE Comments : HP Digital Imaging Monitor #:43 [mpapi3s.exe] FilePath : C:\PROGRA~1\COMMON~1\Nokia\MPAPI\ ProcessID : 3948 ThreadCreationTime : 10-18-2006 4:19:56 AM BasePriority : Normal FileVersion : 6.81.161.1 ProductVersion : 6.0 ProductName : Nokia Connectivity Library CompanyName : Nokia Corporation FileDescription : Mobile Phone API InternalName : MPAPI LegalCopyright : Copyright © 1999-2006 Nokia. All Rights Reserved OriginalFilename : MPAPI.EXE #:44 [nscsrvce.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\Security Console\ ProcessID : 2084 ThreadCreationTime : 10-18-2006 4:20:30 AM BasePriority : Normal FileVersion : 2006.1.6.2 ProductVersion : 2006.1.6 ProductName : Norton Security Console CompanyName : Symantec Corporation FileDescription : Norton Security Console Norton Protection Center Service InternalName : NSCService LegalCopyright : Norton Security Console 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved. OriginalFilename : NSCSrvce.exe #:45 [wuauclt.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2472 ThreadCreationTime : 10-18-2006 4:20:54 AM BasePriority : Normal FileVersion : 5.8.0.2469 built by: lab01_n(wmbla) ProductVersion : 5.8.0.2469 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Automatic Updates InternalName : wuauclt.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : wuauclt.exe #:46 [hpqste08.exe] FilePath : C:\Program Files\HP\Digital Imaging\bin\ ProcessID : 2216 ThreadCreationTime : 10-18-2006 4:21:49 AM BasePriority : Normal FileVersion : 61.0.163.000 ProductVersion : 061.000.163.000 ProductName : hp digital imaging CompanyName : Hewlett-Packard Development Company, L.P. FileDescription : HP CUE Status InternalName : HPQSTS00 LegalCopyright : Copyright (C) Hewlett-Packard Development Company, L.P. 1995-2005 OriginalFilename : HPQSTS00.EXE Comments : HP CUE Status #:47 [adc.exe] FilePath : C:\Program Files\XemiComputers\Active Desktop Calendar\ ProcessID : 3144 ThreadCreationTime : 10-18-2006 4:25:56 AM BasePriority : Normal FileVersion : 5, 9, 9, 0 ProductVersion : 5, 9, 9, 0 ProductName : Active Desktop Calendar Application CompanyName : XemiComputers ltd. FileDescription : Active Desktop Calendar Application InternalName : Active Desktop Calendar LegalCopyright : Copyright (C) 2006 OriginalFilename : ADC.exe #:48 [yahoom~1.exe] FilePath : C:\PROGRA~1\Yahoo!\MESSEN~1\ ProcessID : 3048 ThreadCreationTime : 10-18-2006 4:28:39 AM BasePriority : Normal FileVersion : 8,0,0,716 ProductVersion : 8,0,0,716 ProductName : Yahoo! Messenger CompanyName : Yahoo! Inc. FileDescription : Yahoo! Messenger LegalCopyright : (c) 1998-2006 Yahoo! Inc. All rights reserved. #:49 [bitcomet.exe] FilePath : C:\Program Files\BitComet\ ProcessID : 2924 ThreadCreationTime : 10-18-2006 5:33:55 AM BasePriority : Normal FileVersion : 0.69 ProductVersion : 0.69 ProductName : BitComet CompanyName : www.BitComet.com FileDescription : BitComet - a BitTorrent Client InternalName : BitComet.exe LegalCopyright : Copyright(C) 2003-2005 All Rights Reserved. #:50 [iexplore.exe] FilePath : C:\Program Files\Internet Explorer\ ProcessID : 2580 ThreadCreationTime : 10-18-2006 6:08:12 PM BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Internet Explorer InternalName : iexplore LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : IEXPLORE.EXE #:51 [ad-aware.exe] FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Professional\ ProcessID : 3496 ThreadCreationTime : 10-18-2006 6:49:21 PM BasePriority : Normal FileVersion : 6.2.0.238 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 40 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Windows Object Recognized! Type : RegData Data : "%1" /s "%3" TAC Rating : 3 Category : Vulnerability Comment : Rootkey : HKEY_CLASSES_ROOT Object : scrfile\shell\open\command Value : Data : "%1" /s "%3" Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 1 Objects found so far: 41 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 41 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : carpenocturnal@mediaplex[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:7 Value : Cookie:carpenocturnal@mediaplex.com/ Expires : 6-22-2009 2:00:00 AM LastSync : Hits:7 UseCount : 0 Hits : 7 Tracking Cookie Object Recognized! Type : IECache Entry Data : carpenocturnal@ads.pointroll[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:23 Value : Cookie:carpenocturnal@ads.pointroll.com/ Expires : 1-1-2010 2:00:00 AM LastSync : Hits:23 UseCount : 0 Hits : 23 Tracking Cookie Object Recognized! Type : IECache Entry Data : carpenocturnal@ads.addynamix[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:14 Value : Cookie:carpenocturnal@ads.addynamix.com/ Expires : 10-19-2006 8:30:44 PM LastSync : Hits:14 UseCount : 0 Hits : 14 Tracking Cookie Object Recognized! Type : IECache Entry Data : carpenocturnal@c5.zedo[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:carpenocturnal@c5.zedo.com/ Expires : 11-1-2006 10:01:20 AM LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : carpenocturnal@doubleclick[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:14 Value : Cookie:carpenocturnal@doubleclick.net/ Expires : 10-17-2009 4:38:18 AM LastSync : Hits:14 UseCount : 0 Hits : 14 Tracking Cookie Object Recognized! Type : IECache Entry Data : carpenocturnal@advertising[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:6 Value : Cookie:carpenocturnal@advertising.com/ Expires : 10-17-2011 7:27:52 AM LastSync : Hits:6 UseCount : 0 Hits : 6 Tracking Cookie Object Recognized! Type : IECache Entry Data : carpenocturnal@questionmarket[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:3 Value : Cookie:carpenocturnal@questionmarket.com/ Expires : 12-9-2007 7:02:02 AM LastSync : Hits:3 UseCount : 0 Hits : 3 Tracking Cookie Object Recognized! Type : IECache Entry Data : carpenocturnal@hitbox[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:2 Value : Cookie:carpenocturnal@hitbox.com/ Expires : 10-18-2007 6:51:08 AM LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking Cookie Object Recognized! Type : IECache Entry Data : carpenocturnal@atdmt[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:15 Value : Cookie:carpenocturnal@atdmt.com/ Expires : 10-17-2011 2:00:00 AM LastSync : Hits:15 UseCount : 0 Hits : 15 Tracking Cookie Object Recognized! Type : IECache Entry Data : carpenocturnal@bravenet[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:carpenocturnal@bravenet.com/ Expires : 11-17-2006 8:28:54 PM LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : carpenocturnal@revenue[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:carpenocturnal@revenue.net/ Expires : 6-10-2022 7:05:42 AM LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : carpenocturnal@targetnet[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:2 Value : Cookie:carpenocturnal@targetnet.com/ Expires : 5-18-2033 5:33:20 AM LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking Cookie Object Recognized! Type : IECache Entry Data : carpenocturnal@please[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:carpenocturnal@ad2.billboard.cz/please/ Expires : 9-16-2007 5:13:24 PM LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : carpenocturnal@zedo[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:10 Value : Cookie:carpenocturnal@zedo.com/ Expires : 10-15-2016 7:36:10 AM LastSync : Hits:10 UseCount : 0 Hits : 10 Tracking Cookie Object Recognized! Type : IECache Entry Data : carpenocturnal@ehg-knightridder.hitbox[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:2 Value : Cookie:carpenocturnal@ehg-knightridder.hitbox.com/ Expires : 10-18-2007 6:51:08 AM LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking Cookie Object Recognized! Type : IECache Entry Data : carpenocturnal@perf.overture[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:carpenocturnal@perf.overture.com/ Expires : 10-17-2010 5:22:24 AM LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 16 Objects found so far: 57 Deep scanning and examining files (C »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 57 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 57 Possible Browser Hijack attempt Object Recognized! Type : File Data : http--ads.amateurmatch.com-iframe-ainfo=NTc3OXwx&atcc=0&vKey=djEuMDQ=&non_nude=1&top_text=TWVldCBMb2NhbCBHaXJscyBpbiAjTE9DQVRJT04jIQ==&axis=b&num=6&num_y=5&pic_border=1&target=1&endAge=38.url TAC Rating : 3 Category : Misc Comment : Problematic URL discovered: http://ads.amateurmatch.com/iframe/...num=6&num_y=5&pic_border=1&target=1&endAge=38 Object : C:\Documents and Settings\CarpeNocturnal\Favorites\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Seznam Erotika.url TAC Rating : 3 Category : Misc Comment : Problematic URL discovered: http://katalog.seznam.cz/Erotika/ Object : C:\Documents and Settings\CarpeNocturnal\Favorites\Links\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Seznam vyhledávání výrazu lolity age 15.url TAC Rating : 3 Category : Misc Comment : Problematic URL discovered: http://search.seznam.cz/searchScreen?w=lolity+age+15&mod=f Object : C:\Documents and Settings\CarpeNocturnal\Favorites\Links\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Seznam Slovník.url TAC Rating : 3 Category : Misc Comment : Problematic URL discovered: http://slovnik.seznam.cz/search.py?wd=turmeric&lg=en_cz Object : C:\Documents and Settings\CarpeNocturnal\Desktop\ Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 61 9:14:57 PM Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:24:55.907 Objects scanned:200260 Objects identified:21 Objects ignored:0 New critical objects:21 I hope someone can help me with this. Thank you, in advance, for all who try.
This is for one fix, there are other bad entires, but we will address those after fixing Wareout. [bold]Note[/bold]: Print or copy these instructions to Notepad for reference, you will have to restart your computer during the fix. Please download FixWareout from here Save it to your desktop and run it. Click Next, then click Install. Then make sure "Run fixit" is checked and click Finish. The fix will begin. Follow the prompts. You will be asked to reboot your computer, please do so. Your system may take longer than usual to load, this is normal. When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items: [bold]O1 - Hosts: localhost 127.0.0.1 O4 - HKLM\..\Run: [dmbru.exe] C:\WINDOWS\system32\dmbru.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{1686E339-51BC-494E-A870-AD5D75B89514}: NameServer = 85.255.115.34,85.255.112.112 O17 - HKLM\System\CCS\Services\Tcpip\..\{38E78F81-74BC-4879-A1C3-1307078EFD5C}: NameServer = 85.255.115.34,85.255.112.112 O17 - HKLM\System\CCS\Services\Tcpip\..\{7000BAE8-8C4A-4AEF-84F3-F161AC1182BA}: NameServer = 85.255.115.34,85.255.112.112 O17 - HKLM\System\CCS\Services\Tcpip\..\{97CF1EDD-06EE-4568-A951-F55B699F7EAB}: NameServer = 85.255.115.34,85.255.112.112 O17 - HKLM\System\CCS\Services\Tcpip\..\{E83B9D7A-976D-4D3D-9A64-A57E6F7FC952}: NameServer = 85.255.115.34,85.255.112.112 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.112 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.112 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.112 [/bold] Click Fix Checked. Close HijackThis, and click OK to proceed. At the end of the fix, you may need to restart your computer again. Please post back with the contents of C:\fixwareout\report.txt, along with a new HijackThis log.
Ok... Just did all of that (Thank you SOOOOO much for the assistance!) Here are the logs: Fixwareout: Fixwareout ver 1.003 Last edited 8/11/2006 Post this report in the forums please Reg Entries that were deleted ... Microsoft (R) Windows Script Host Version 5.6 Random Runs removed from HKLM "dmagw.exe"=- ... PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. »»»»» Searching by size/names... »»»»» Search five digit cs, dm and jb files. This WILL/CAN also list Legit Files, Submit them at Virustotal C:\WINDOWS\SYSTEM32\CSOQP.EXE 51,714 2006-10-15 C:\WINDOWS\SYSTEM32\DMAGW.EXE 60,949 2005-04-07 Other suspects. Directory of C:\WINDOWS\system32 »»»»» Misc files. »»»»» Checking for older varients covered by the Rem3 tool. Just for the record... I saw that the Fixwareout brought up dmagw.exe. I have a list of .exe's that my CounterSpy program keeps allowing to be assigned to the startup evertime I have rebooted over the last couple of days. There were about 6 others, but I didn't start writing them down immediately, so I only have a total of 3 including the one that fixwareout mentioned. The others are dmnuv.exe and dmsmh.exe. I don't know that they are problematic but I thought it strange that a different one was listed on each startup and wondered if there was a program that was running in the background installing them. Or I may be paranoid... Ideas? HiJack This: Logfile of HijackThis v1.99.1 Scan saved at 8:51:24 AM, on 10/20/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\taskswitch.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Documents and Settings\CarpeNocturnal\Desktop\New Wonders\HijackThis.exe C:\Program Files\Messenger\msmsgs.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/ R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Program\ereg.exe" -r "C:\Program Files\Nuance\NaturallySpeaking9\Program\ereg.ini" O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Global Startup: BlueSoleil.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab O18 - Protocol: bw+0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: offline-8876480 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - AppInit_DLLs: O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe As much as I appreciate your help on this, can you tell me where I can learn all of this stuff for myself? I hate always being the noob, and would really like to be able to do it myself and maybe even help another noob one day
Yes, those files starting with "dm" that are 5 digits long may belong to Wareout. As the log says "This WILL/CAN also list Legit Files". So, before you remove them upload them and let the scanners decide. Upload these one at a time and all the others you know about. Go to Jotti's malware scan. Copy/Paste these files(one at a time) into "File to upload and scan". [bold]C:\WINDOWS\SYSTEM32\CSOQP.EXE C:\WINDOWS\SYSTEM32\DMAGW.EXE[/bold] Click Submit. If they are marked as malware, delete them. Please let me know if you can not delete any of them. Restart if you have to delete any. This suspicious entry: "O20 - AppInit_DLLs:" because it isn't showing a file. Other than that, not much wrong with your log. Some clean up can be done, but we'll do after you run Kaspersky. Go here and run Kaspersky Online Scanner. Accept the terms. After downloading, click "My Computer". After scanning, click "Save report as" and save it. Post back with the Kaspersky log.
Ok... First of all, I went to Jotti's malware scan and scanned the two files you mentioned. C:\WINDOWS\SYSTEM32\DMAGW.EXE Was hit as being viral so I deleted it, and then I checked for C:\WINDOWS\SYSTEM32\CSOQP.EXE and couldn't find it. I then scanned about 100 others and wound up deleting about 3 of them. Then I went to Kaspersky and tried to scan as you suggested, but that didn't work... My computer kept locking up and I am not known for my patience. So I just bought a copy and scanned my computer while I went to eat. Which brings me to my next question... You said that I should reply with my Kaspersky Log but I am having a problem with that. I opened the log with Word and it is about 17,000 pages with more than 8,000,000 words. I didn't think it would be too good to try to post it all... What exactly do you need from there? I am saving, in a seperate file, the contents of each tab from the scan so if any of that will help, let me know. Otherwise, just let me know what I should post. ThanX again
Eh, lol you didn't have to purchase Kaspersky. You could have just said it locked up and I would have suggested you run a different online scanner. No worries though, Kaspersky is a great anti-virus program. I'm sure it found anything that was bad, so no need to post any of the log. Post a new HijackThis log and also, how are things now? Any problems?
I haven't noticed any more problems (related to my original ones) since my last post, but I am still wary so far. The only real problems at the moment is discovering how many files were corrupted by viruses (Not sure how to make that plural... hahaha) and had to be deleted... Now I have to reinstall some of my other software. At least it's fixed, though! Thanx for all the support. Here is the HjT log... Logfile of HijackThis v1.99.1 Scan saved at 11:05:16 PM, on 10/20/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\taskswitch.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\CarpeNocturnal\Desktop\New Wonders\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/ R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Program\ereg.exe" -r "C:\Program Files\Nuance\NaturallySpeaking9\Program\ereg.ini" O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Global Startup: BlueSoleil.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab O18 - Protocol: bw+0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: offline-8876480 - {52183FF6-2606-46B5-8008-C84855E0D788} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - AppInit_DLLs: O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Run a scan only with hijackThis, check these: [bold]O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O20 - AppInit_DLLs:[/bold] Close all windows excpet HijackThis then click "Fix checked". Log is clean now. Maybe run a full scan with SpyHunter and SUPERAntiSpyware if you haven't in a while or just to be certain. You're running two antispyware programs. This can cause confilts between the two and possibly produce false positives. Turn off the real-time protection of one. If you experience any more problems let me know. You're welcome and good luck!
Cool! ThanX, yet again! haha I ran Hijack This and those two were deleted. I received an error from the program about backing up that said I should email them about it and answer a few things for them... I am going to take care of that in the morning (it is 12:30 am here...) I greatly appreciate all your help Niobis...
You're very welcome! I'd like to know more about that message from HijackThis. I know about the backup message but never heard of them asking to anwser a few questions. If possible, please tell me what it said. Or if you do email them, please let me know what it is about, that is, if it isn't personal.
No problem... Here is the message: An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: ) Error #5 - Invalid procedure call or argument Please email me at merijn@spywareinfo.com, reporting the following: * What you were trying to fix when the error occurred, if applicable * How you can reproduce the error * A complete HijackThis scan log, if possible Windows version: Windows NT 5.01.2600 MSIE version: 6.0.2900.2180 HijackThis version: 1.99.1 This message has been copied to your clipboard. Click OK to continue the rest of the scan. The one that I don't get is, "How you can reproduce the error". I have no idea how I could reproduce the error... Probably because I don't know what the error was or how or why it happened. lol
It is saying it had an error trying to make a backup of the 020 entry you fixed. No worries because you do not need a backup of it. There should be no reason to have to restore it. Reproducing the error would mean making the prompt come back. The only way to do this is if the entry is still in the log and trying to fix it again. If you want you can email to inform him of this so maybe in the next version of HjT the entry(or similar entires) can be made availabe for backup. But really, there's no need. Is it still in the log after fixing?
No... Not there anymore. I did try to email a response to the email address provided, but I got a mail failure notice. I don't know what that's about, but my baby is running again so I don't really care too much! hahaha Both the O20 and the O2 are gone and Kaspersky, Norton, CounterSpy, Ad-Aware and HjT are all showing that I am clean, and my windows have not been hijacked yet! I'm a happy man! I also took your advice about the spyware programs and set only one to real time protection and all the others are set to scan at different times throughout the week. You have been a great help. Mostly, though, with the resource you led me to so I can learn all this for myself! Massive appreciation Read you later
Hi, having the same problem with this thing. I have attached my aighjack this file Logfile of HijackThis v1.99.1 Scan saved at 22:20:43, on 28/04/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Acer\Acer eConsole\MediaServerService.exe C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe C:\Acer\Empowering Technology\eRecovery\Monitor.exe C:\Program Files\Acer\Acer eMode Management\AspireService.exe C:\Program Files\Acer\Acer eConsole\MediaSync.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Canon\MultiPASS4\monitr32.exe C:\Program Files\Canon\MultiPASS4\MPTBox.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\License_Manager\license_manager.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe C:\Program Files\eMule\emule.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\WINDOWS\system32\calc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe O4 - HKLM\..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\MPTBox.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Configuration de la neuf Box] C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Error Safe] "C:\Program Files\Error Safe Free\ERS.exe" /scan O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{12DADECB-1EE8-4AD7-A7F6-C12A4EDEEB02}: NameServer = 86.64.145.140 O17 - HKLM\System\CCS\Services\Tcpip\..\{1DF0C8B0-9FE6-4127-8E92-442EEDACECBF}: NameServer = 84.103.237.145 86.64.145.145 O17 - HKLM\System\CS1\Services\Tcpip\..\{12DADECB-1EE8-4AD7-A7F6-C12A4EDEEB02}: NameServer = 86.64.145.140 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe I hope you can be of help. T
