Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

First HiJack This log

Started by mdearing , Feb 17 2006 12:30 PM

  • This topic is locked This topic is locked
8 replies to this topic

#1 mdearing

mdearing

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 17 February 2006 - 12:30 PM

Logfile of HijackThis v1.99.1
Scan saved at 9:20:18 AM, on 2/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\pupxpman.exe
C:\Program Files\OLYMPUS\DeviceDetector\DM1Service.exe
C:\WINDOWS\etlisrv.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Borland\Interbase\Bin\IBGuard.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Dantz\Client\Remotsvc.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Dantz\Client\retroclient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\etdsvc.exe
C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\SBLive\RemoteCenter\Rc\RcMan.EXE
C:\WINDOWS\system32\USBIcon.exe
C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
C:\Program Files\Creative\ShareDLL\MEDIADET.EXE
C:\Program Files\Borland\Interbase\Bin\IBServer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SurfSecret\Privacy Protector\SS2-FULL.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Creative\SBLive\RemoteCenter\Rc\OSDMenu.EXE
C:\Program Files\Creative\SBLive\RemoteCenter\Rc\EAX.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Creative\SBLive\RemoteCenter\Rc\VRC.exe
C:\Program Files\Creative\SBLive\RemoteCenter\Center\RCenter.exe
C:\WINDOWS\system32\etlitr50.exe
C:\Program Files\palm\Hotsync.exe
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\Program Files\Qualcomm\Eudora Mail\Eudora.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Documents and Settings\Munro Dearing\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.dogpile.com/info.dogpl/
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.dogpile.c....dogpl.toolbar/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Munro Dearing\Application Data\Mozilla\Profiles\default\j51gu95u.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\System32\pupxpman.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [PwrUpTweakMe] C:\WINDOWS\system32\PUPXPTWK.EXE /TWEAK
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [CTAvTray] C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [RemoteCenter] C:\Program Files\Creative\SBLive\RemoteCenter\Rc\RcMan.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MCI USB Icon] C:\WINDOWS\system32\USBIcon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
O4 - HKLM\..\RunOnce: [SSCTL] C:\Program Files\SurfSecret\Privacy Protector\IC.exe
O4 - HKCU\..\Run: [SurfSecret] C:\Program Files\SurfSecret\Privacy Protector\SS2-FULL.exe /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Microsoft Office Shortcut Bar.Lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Startup: VERITAS Install Exec Setup.lnk = C:\temp\etdeltmp\0000001E.DEL
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: eFax 4.1.lnk = C:\Program Files\eFax Messenger 4.1\J2GTray.exe
O4 - Global Startup: Entrust.lnk = C:\WINDOWS\system32\etlitr50.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palm\Hotsync.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Popup Eliminator - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\SurfSecret\Popup Eliminator\PEToolBar521.dll (file missing)
O9 - Extra 'Tools' menuitem: Popup Eliminator - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\SurfSecret\Popup Eliminator\PEToolBar521.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: cpcScanner - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - https://download.tsa...ing/ScriptX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.co...ne_Inst_Win.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://F:\content\include\XPPatchInstaller.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akama...iTunesSetup.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120671596352
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1126290627028
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp...oads/msxml4.cab
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://F:\Content\include\msSecUcd.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...380/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15016/CTPID.cab
O16 - DPF: {FEF89F19-213D-4393-B739-AAC6876C147C} (VeriTest LiveTest Bar Activate) - http://www.livetest....ivetest_bar.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...tallComcast.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{769C6E3C-2693-42BF-8FCF-4F5212D75608}: Domain = arc.nasa.gov
O17 - HKLM\System\CCS\Services\Tcpip\..\{769C6E3C-2693-42BF-8FCF-4F5212D75608}: NameServer = 128.102.0.34,128.102.252.34,128.102.254.34
O17 - HKLM\System\CS1\Services\Tcpip\..\{769C6E3C-2693-42BF-8FCF-4F5212D75608}: NameServer = 143.232.252.34,128.102.254.34
O17 - HKLM\System\CS2\Services\Tcpip\..\{769C6E3C-2693-42BF-8FCF-4F5212D75608}: Domain = arc.nasa.gov
O17 - HKLM\System\CS2\Services\Tcpip\..\{769C6E3C-2693-42BF-8FCF-4F5212D75608}: NameServer = 128.102.0.34,128.102.252.34,128.102.254.34
O17 - HKLM\System\CS3\Services\Tcpip\..\{769C6E3C-2693-42BF-8FCF-4F5212D75608}: Domain = arc.nasa.gov
O17 - HKLM\System\CS3\Services\Tcpip\..\{769C6E3C-2693-42BF-8FCF-4F5212D75608}: NameServer = 128.102.0.34,128.102.252.34,128.102.254.34
O18 - Protocol: bw+0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter hijack: text/xml - (no CLSID) - (no file)
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DM1Service - OLYMPUS OPTICAL CO.,LTD - C:\Program Files\OLYMPUS\DeviceDetector\DM1Service.exe
O23 - Service: Entrust Login Interface (ELIService) - Entrust® - C:\WINDOWS\etlisrv.exe
O23 - Service: Entrust/TrueDelete™ (ETDSVC) - Entrust Technologies Ltd. - C:\WINDOWS\System32\etdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Program Files\Borland\Interbase\Bin\IBGuard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Program Files\Borland\Interbase\Bin\IBServer.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Retrospect Client - Dantz Development Corporation - C:\Program Files\Dantz\Client\Remotsvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

What is good and what is bad? Thanks

    Advertisements

Register to Remove

#2 Susan528

Susan528

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 3,194 posts

Posted 17 February 2006 - 09:51 PM

Hello mdearing and welcome to TomCoyote,

You are running “Selective Start-up” mode and you have selectively removed some items from the startup procedure. Please re-enable those startup entries by doing the following:

Click on Start, then Run, and type msconfig and select Normal Startup then click Apply. Then press OK If it asks to reboot, DO NOT reboot.

Please scan with hijackthis and post another log.
Posted Image

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#3 mdearing

mdearing

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 21 February 2006 - 03:12 PM

Susan528:
Here is the log in full start up:
Logfile of HijackThis v1.99.1
Scan saved at 1:00:07 PM, on 2/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\OLYMPUS\DeviceDetector\DM1Service.exe
C:\WINDOWS\etlisrv.exe
C:\Program Files\Borland\Interbase\Bin\IBGuard.exe
C:\Program Files\Dantz\Client\Remotsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dantz\Client\retroclient.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\etdsvc.exe
C:\Program Files\Borland\Interbase\Bin\IBServer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\pupxpman.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\SBLive\RemoteCenter\Rc\RcMan.EXE
C:\WINDOWS\system32\USBIcon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Creative\ShareDLL\MEDIADET.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
C:\Program Files\SurfSecret\Privacy Protector\SS2-FULL.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Creative\SBLive\RemoteCenter\Rc\OSDMenu.EXE
C:\Program Files\Creative\SBLive\RemoteCenter\Rc\EAX.exe
C:\Program Files\Creative\SBLive\RemoteCenter\Rc\VRC.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Creative\SBLive\RemoteCenter\Center\RCenter.exe
C:\Program Files\eFax Messenger 4.1\J2GTray.exe
C:\WINDOWS\system32\etlitr50.exe
C:\Program Files\palm\Hotsync.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Munro Dearing\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.dogpile.com/info.dogpl/
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.dogpile.c....dogpl.toolbar/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Munro Dearing\Application Data\Mozilla\Profiles\default\j51gu95u.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\System32\pupxpman.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [PwrUpTweakMe] C:\WINDOWS\system32\PUPXPTWK.EXE /TWEAK
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [CTAvTray] C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [RemoteCenter] C:\Program Files\Creative\SBLive\RemoteCenter\Rc\RcMan.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MCI USB Icon] C:\WINDOWS\system32\USBIcon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup
O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
O4 - HKLM\..\RunOnce: [SSCTL] C:\Program Files\SurfSecret\Privacy Protector\IC.exe
O4 - HKCU\..\Run: [SurfSecret] C:\Program Files\SurfSecret\Privacy Protector\SS2-FULL.exe /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE" -aim
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Microsoft Office Shortcut Bar.Lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Startup: VERITAS Install Exec Setup.lnk = C:\temp\etdeltmp\0000001E.DEL
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: eFax 4.1.lnk = C:\Program Files\eFax Messenger 4.1\J2GTray.exe
O4 - Global Startup: Entrust.lnk = C:\WINDOWS\system32\etlitr50.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palm\Hotsync.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Popup Eliminator - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\SurfSecret\Popup Eliminator\PEToolBar521.dll (file missing)
O9 - Extra 'Tools' menuitem: Popup Eliminator - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\SurfSecret\Popup Eliminator\PEToolBar521.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: cpcScanner - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - https://download.tsa...ing/ScriptX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.co...ne_Inst_Win.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://F:\content\include\XPPatchInstaller.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akama...iTunesSetup.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120671596352
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1126290627028
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp...oads/msxml4.cab
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://F:\Content\include\msSecUcd.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...380/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15016/CTPID.cab
O16 - DPF: {FEF89F19-213D-4393-B739-AAC6876C147C} (VeriTest LiveTest Bar Activate) - http://www.livetest....ivetest_bar.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...tallComcast.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{769C6E3C-2693-42BF-8FCF-4F5212D75608}: Domain = arc.nasa.gov
O17 - HKLM\System\CCS\Services\Tcpip\..\{769C6E3C-2693-42BF-8FCF-4F5212D75608}: NameServer = 128.102.0.34,128.102.252.34,128.102.254.34
O17 - HKLM\System\CS1\Services\Tcpip\..\{769C6E3C-2693-42BF-8FCF-4F5212D75608}: NameServer = 143.232.252.34,128.102.254.34
O17 - HKLM\System\CS2\Services\Tcpip\..\{769C6E3C-2693-42BF-8FCF-4F5212D75608}: Domain = arc.nasa.gov
O17 - HKLM\System\CS2\Services\Tcpip\..\{769C6E3C-2693-42BF-8FCF-4F5212D75608}: NameServer = 128.102.0.34,128.102.252.34,128.102.254.34
O17 - HKLM\System\CS3\Services\Tcpip\..\{769C6E3C-2693-42BF-8FCF-4F5212D75608}: Domain = arc.nasa.gov
O17 - HKLM\System\CS3\Services\Tcpip\..\{769C6E3C-2693-42BF-8FCF-4F5212D75608}: NameServer = 128.102.0.34,128.102.252.34,128.102.254.34
O18 - Protocol: bw+0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter hijack: text/xml - (no CLSID) - (no file)
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DM1Service - OLYMPUS OPTICAL CO.,LTD - C:\Program Files\OLYMPUS\DeviceDetector\DM1Service.exe
O23 - Service: Entrust Login Interface (ELIService) - Entrust® - C:\WINDOWS\etlisrv.exe
O23 - Service: Entrust/TrueDelete™ (ETDSVC) - Entrust Technologies Ltd. - C:\WINDOWS\System32\etdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Program Files\Borland\Interbase\Bin\IBGuard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Program Files\Borland\Interbase\Bin\IBServer.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Retrospect Client - Dantz Development Corporation - C:\Program Files\Dantz\Client\Remotsvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Thanks for your help.

#4 mdearing

mdearing

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 21 February 2006 - 03:14 PM

Susan528, I rebooted to get the above log. Sorry. I hope that does not mess things up. mdearing

#5 Susan528

Susan528

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 3,194 posts

Posted 21 February 2006 - 04:20 PM

Hello mdearing,

Don't worry about the reboot. Please do the following:

STEP 1.
======
Open HijackThis. Place a check against each of the following, making sure you get them all and not any others by mistake:
O9 - Extra button: Popup Eliminator - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\SurfSecret\Popup Eliminator\PEToolBar521.dll (file missing)
O9 - Extra 'Tools' menuitem: Popup Eliminator - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\SurfSecret\Popup Eliminator\PEToolBar521.dll (file missing)
After you check these items, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis.

Show Hidden Files
Please show all files for your system.
You will need to reverse this process when all steps are done.


Delete Files and Folders
Please delete the following files/folders:
C:\Program Files\SurfSecret\<<folder

If you have any problem deleting these items, reboot into Safe Mode (tap F8 during bootup, use arrow keys to select Safe Mode, then hit 'enter') and try again.

Reboot .

STEP 2.
======
Ewido Trojan Scanner
Please download, install, and update the NEW free version of Ewido trojan scanner:
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • From the main ewido screen, click on update in the left menu, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
  • If ewido finds anything, it will pop up a notification. Select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
  • When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.
Please post the report from ewido and another hijackthis log.

Edited by Susan528, 21 February 2006 - 04:22 PM.

Posted Image

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#6 mdearing

mdearing

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 22 February 2006 - 12:33 PM

Susan528,

Here is the last HiJack Log:
Logfile of HijackThis v1.99.1
Scan saved at 10:28:04 AM, on 2/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\OLYMPUS\DeviceDetector\DM1Service.exe
C:\WINDOWS\etlisrv.exe
C:\Program Files\Borland\Interbase\Bin\IBGuard.exe
C:\Program Files\Dantz\Client\Remotsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dantz\Client\retroclient.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\etdsvc.exe
C:\Program Files\Borland\Interbase\Bin\IBServer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\pupxpman.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\SBLive\RemoteCenter\Rc\RcMan.EXE
C:\WINDOWS\system32\USBIcon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Creative\ShareDLL\MEDIADET.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
C:\Program Files\SurfSecret\Privacy Protector\SS2-FULL.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Creative\SBLive\RemoteCenter\Rc\OSDMenu.EXE
C:\Program Files\Creative\SBLive\RemoteCenter\Rc\EAX.exe
C:\Program Files\Creative\SBLive\RemoteCenter\Rc\VRC.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Creative\SBLive\RemoteCenter\Center\RCenter.exe
C:\Program Files\eFax Messenger 4.1\J2GTray.exe
C:\WINDOWS\system32\etlitr50.exe
C:\Program Files\palm\Hotsync.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Qualcomm\Eudora Mail\Eudora.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Documents and Settings\Munro Dearing\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.dogpile.com/info.dogpl/
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.dogpile.c....dogpl.toolbar/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Munro Dearing\Application Data\Mozilla\Profiles\default\j51gu95u.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\System32\pupxpman.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [PwrUpTweakMe] C:\WINDOWS\system32\PUPXPTWK.EXE /TWEAK
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [CTAvTray] C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [RemoteCenter] C:\Program Files\Creative\SBLive\RemoteCenter\Rc\RcMan.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MCI USB Icon] C:\WINDOWS\system32\USBIcon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup
O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
O4 - HKLM\..\RunOnce: [SSCTL] C:\Program Files\SurfSecret\Privacy Protector\IC.exe
O4 - HKCU\..\Run: [SurfSecret] C:\Program Files\SurfSecret\Privacy Protector\SS2-FULL.exe /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE" -aim
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Microsoft Office Shortcut Bar.Lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Startup: VERITAS Install Exec Setup.lnk = C:\temp\etdeltmp\0000001E.DEL
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: eFax 4.1.lnk = C:\Program Files\eFax Messenger 4.1\J2GTray.exe
O4 - Global Startup: Entrust.lnk = C:\WINDOWS\system32\etlitr50.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palm\Hotsync.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: cpcScanner - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - https://download.tsa...ing/ScriptX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.co...ne_Inst_Win.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://F:\content\include\XPPatchInstaller.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akama...iTunesSetup.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120671596352
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1126290627028
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp...oads/msxml4.cab
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://F:\Content\include\msSecUcd.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...380/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15016/CTPID.cab
O16 - DPF: {FEF89F19-213D-4393-B739-AAC6876C147C} (VeriTest LiveTest Bar Activate) - http://www.livetest....ivetest_bar.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...tallComcast.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{769C6E3C-2693-42BF-8FCF-4F5212D75608}: Domain = arc.nasa.gov
O17 - HKLM\System\CCS\Services\Tcpip\..\{769C6E3C-2693-42BF-8FCF-4F5212D75608}: NameServer = 128.102.0.34,128.102.252.34,128.102.254.34
O17 - HKLM\System\CS1\Services\Tcpip\..\{769C6E3C-2693-42BF-8FCF-4F5212D75608}: NameServer = 143.232.252.34,128.102.254.34
O17 - HKLM\System\CS2\Services\Tcpip\..\{769C6E3C-2693-42BF-8FCF-4F5212D75608}: Domain = arc.nasa.gov
O17 - HKLM\System\CS2\Services\Tcpip\..\{769C6E3C-2693-42BF-8FCF-4F5212D75608}: NameServer = 128.102.0.34,128.102.252.34,128.102.254.34
O17 - HKLM\System\CS3\Services\Tcpip\..\{769C6E3C-2693-42BF-8FCF-4F5212D75608}: Domain = arc.nasa.gov
O17 - HKLM\System\CS3\Services\Tcpip\..\{769C6E3C-2693-42BF-8FCF-4F5212D75608}: NameServer = 128.102.0.34,128.102.252.34,128.102.254.34
O18 - Protocol: bw+0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {62D4E848-879E-4F6B-A4C6-1F56B9B5EC85} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter hijack: text/xml - (no CLSID) - (no file)
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DM1Service - OLYMPUS OPTICAL CO.,LTD - C:\Program Files\OLYMPUS\DeviceDetector\DM1Service.exe
O23 - Service: Entrust Login Interface (ELIService) - Entrust® - C:\WINDOWS\etlisrv.exe
O23 - Service: Entrust/TrueDelete™ (ETDSVC) - Entrust Technologies Ltd. - C:\WINDOWS\System32\etdsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Program Files\Borland\Interbase\Bin\IBGuard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Program Files\Borland\Interbase\Bin\IBServer.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Retrospect Client - Dantz Development Corporation - C:\Program Files\Dantz\Client\Remotsvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Please note I did note remove SurfSecret files. I do not believe they are causing the problem.



Here is the ewido anti-malware Scan Report:


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:21:10 AM, 2/22/2006
+ Report-Checksum: BE24F35C

+ Scan result:

HKLM\SOFTWARE\180solutions -> Adware.180Solutions : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Munro Dearing\Application Data\Mozilla\Firefox\Profiles\default.bkr\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Munro Dearing\Application Data\Mozilla\Firefox\Profiles\default.bkr\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Munro Dearing\Application Data\Mozilla\Firefox\Profiles\default.bkr\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Munro Dearing\Application Data\Mozilla\Firefox\Profiles\default.bkr\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Munro Dearing\Application Data\Mozilla\Firefox\Profiles\default.bkr\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Munro Dearing\Application Data\Mozilla\Firefox\Profiles\default.bkr\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Munro Dearing\Application Data\Mozilla\Firefox\Profiles\default.bkr\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Munro Dearing\Application Data\Mozilla\Firefox\Profiles\default.bkr\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Munro Dearing\Application Data\Mozilla\Firefox\Profiles\default.bkr\cookies.txt -> TrackingCookie.Pro-market : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Munro Dearing\Application Data\Mozilla\Firefox\Profiles\default.bkr\cookies.txt -> TrackingCookie.Pro-market : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Munro Dearing\Application Data\Mozilla\Firefox\Profiles\default.bkr\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Munro Dearing\Cookies\munro dearing@burstnet[10].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Munro Dearing\Cookies\munro dearing@burstnet[11].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Munro Dearing\Cookies\munro dearing@burstnet[12].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Munro Dearing\Cookies\munro dearing@burstnet[13].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Munro Dearing\Cookies\munro dearing@burstnet[14].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Munro Dearing\Cookies\munro dearing@burstnet[15].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Munro Dearing\Cookies\munro dearing@burstnet[16].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Munro Dearing\Cookies\munro dearing@burstnet[17].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Munro Dearing\Cookies\munro dearing@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Munro Dearing\Cookies\munro dearing@burstnet[3].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Munro Dearing\Cookies\munro dearing@burstnet[4].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Munro Dearing\Cookies\munro dearing@burstnet[5].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Munro Dearing\Cookies\munro dearing@burstnet[6].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Munro Dearing\Cookies\munro dearing@burstnet[7].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Munro Dearing\Cookies\munro dearing@burstnet[8].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Munro Dearing\Cookies\munro dearing@burstnet[9].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Munro Dearing\Cookies\munro dearing@msnportal.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Program Files\DogpileToolbar -> Adware.Dogpile : Cleaned with backup
C:\Program Files\DogpileToolbar\tbinstall.log -> Adware.Dogpile : Cleaned with backup
C:\Program Files\DogpileToolbar\tbuninstall.log -> Adware.Dogpile : Cleaned with backup
C:\Program Files\Qualcomm\Eudora Mail\Attach\poop_on_you.exe -> Not-A-Virus.BadJoke.Win32.Unko.a : Cleaned with backup
D:\My Downloads\Downloads\Bounce Spam Mail\BSM18.zip/BSM18.exe -> Not-A-Virus.NetTool.Win32.BSM.18 : Cleaned with backup


::Report End

#7 Susan528

Susan528

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 3,194 posts

Posted 22 February 2006 - 05:51 PM

Hello mdearing,

Your hijackthis log appears to be clean and ewido log looks fine. :) I am glad you did not delete the SurfSecret files. The 09 entries which were definitely bad had a file in the SurfSecret folder and I went overboard.

It appears that you have two antivirus programs installed
Symantec AntiVirus and Grisoft's AVG
You need to only one since they can interfer with each other. Both are good applications but you need to chose which one you want to keep and uninstall the other.

It is not a good idea to run more than one firewall, and one anti-virus program. Running more than one of these at a time can cause system crashes, high system usage and/or conflicts with each other.*

How did I get infected in the First Place?


STEP 1.
======
Cleanmgr
To clean temporary files:
  • Go > start > run and type cleanmgr and click OK
  • Scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files and Recycle Bin are the only things checked.
  • Click OK to remove those files.
  • Click Yes to confirm deletion.
STEP 2.
======
Prefetch Folder
Open C:\Windows\Prefetch\
Delete All files in this folder but not the Prefetch folder

STEP 3.

System Restore for Windows XP
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
  • Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
Reboot.

Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check *Turn off System Restore*.
  • Click Apply, and then click OK.
STEP 1.
======
Cleanmgr
To clean temporary files:
  • Go > start > run and type cleanmgr and click OK
  • Scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files and Recycle Bin are the only things checked.
  • Click OK to remove those files.
  • Click Yes to confirm deletion.
STEP 2.
======
Prefetch Folder
Open C:\Windows\Prefetch\
Delete All files in this folder but not the Prefetch folder

STEP 3.

System Restore for Windows XP
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
  • Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
Reboot.

Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check *Turn off System Restore*.
  • Click Apply, and then click OK.

STEP 4.
======
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Test your Firewall - Please test your firewall and make sure it is working properly.
    Test Firewall

  • Visit Microsoft's Update Site Frequently - It is important that you visit Windows Updates regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.
    A tutorial on installing & using this product can be found here:
    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.
    A tutorial on installing & using this product can be found here:
    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
    A tutorial on installing & using this product can be found here:
    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
  • More info on how to prevent malware you can also find here (By Tony Klein)
    and here: http://wiki.castleco...nt_Re-infection
Follow this list and your potential for being infected again will reduce dramatically.

Thank you for allowing me to assist you.



Thank you for allowing me to assist you.
Posted Image

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#8 mdearing

mdearing

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 23 February 2006 - 03:48 PM

Thanks for the information. In regards to running more than one anti-virus, I have tried to remove Norton but is persistent in leaving trailings on my computer. Do you know of any good way to completely rid myself of it and then do a clean install?

#9 Susan528

Susan528

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 3,194 posts

Posted 23 February 2006 - 08:07 PM

I wish I could help you there but I had the same problem one time trying to uninstall McAffee. It would not uninstall cleanly and I had to remove it in pieces. I remember that I could not delete one file but had to rename it in order to delete it.

You could try the forum for other computer problems since this is not malware related now.
http://forums.tomcoy...hp?showforum=83

Edited by Susan528, 23 February 2006 - 08:09 PM.

Posted Image

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·