
Win32 Centim Trojan


  • This topic is locked
9 replies to this topic

#1 Tommy2117


Posted 03 March 2006 - 06:16 AM

Hi,

My Zone Alarm Pro was letting me know that a program was trying to connect; it was not known to me (IU.EXE). I searched my Programs folder and found a folder not familiar to me (Information Update; inside it was a program called IU.EXE). I ran my anti-virus, NOD32, and it found a Trojan it was unable to clean in memory, Win32.Centim Trojan. I booted up in Safe Mode and deleted the folder, then ran CCleaner and ran System Restore so I don't reinfect my computer.

I then ran Ewido, SpyBot, Adaware, NOD32, MicroTrend House Call and Trojan Hunter 4.2, but my computer is still running really slow. I would like somebody to take a look at my HijackThis log to see if there is something I missed.

There's one file I wanted to let you know that I had installed: Desktop Spy, to monitor my kids
023-WindowsDesktop Security C/Programs/RDS

Thanks in Advance. :wavey:


Tommy

Logfile of HijackThis v1.99.1
Scan saved at 10:43:38 PM, on 3/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\RDS\svcagnt.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://windowsecurit...an/TDECntrl.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120237295078
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com...tall/AxCtp2.cab
O16 - DPF: {D670D0B3-05AB-4115-9F87-D983EF1AC747} (AOL Downloader Plugin) - http://pak04.picture...US.9.1.6.18.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O18 - Protocol: bw+0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Windows Desktop Security (dtsagntsvc) - Unknown owner - C:\Program Files\RDS\svcagnt.exe" /svc (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect Express HD\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe



#2 Siggyx


Posted 09 March 2006 - 08:26 PM

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Install it, and update the definitions to the newest files.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

#3 Tommy2117


Posted 10 March 2006 - 06:09 AM

Thanks for responding Siggyx :wavey:

Here's what you requested, I did install Remote Desktop Spy to Monitor the computer

Ewido Log
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 4:29:18 AM, 3/10/2006
+ Report-Checksum: 99F2A2F3

+ Scan result:

C:\Program Files\RDS\dtsproc.dll -> Not-A-Virus.Monitor.Win32.RemoteDesktopSpy.310 : Ignored
:mozilla.44:C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\ql446ltu.default\cookies.txt -> Yieldmanager : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\ql446ltu.default\cookies.txt -> Yieldmanager : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\ql446ltu.default\cookies.txt -> Yieldmanager : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\ql446ltu.default\cookies.txt -> Yieldmanager : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\ql446ltu.default\cookies.txt -> Adrevolver : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\ql446ltu.default\cookies.txt -> Adrevolver : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\ql446ltu.default\cookies.txt -> Adrevolver : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\ql446ltu.default\cookies.txt -> Adrevolver : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\ql446ltu.default\cookies.txt -> Adrevolver : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\ql446ltu.default\cookies.txt -> Adrevolver : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\ql446ltu.default\cookies.txt -> Myaffiliateprogram : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\ql446ltu.default\cookies.txt -> Tacoda : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\ql446ltu.default\cookies.txt -> Tacoda : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\ql446ltu.default\cookies.txt -> Tacoda : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\ql446ltu.default\cookies.txt -> Tacoda : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\ql446ltu.default\cookies.txt -> Zedo : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\ql446ltu.default\cookies.txt -> Zedo : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\ql446ltu.default\cookies.txt -> Zedo : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\ql446ltu.default\cookies.txt -> Zedo : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\ql446ltu.default\cookies.txt -> Zedo : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\ql446ltu.default\cookies.txt -> Clickzs : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\ql446ltu.default\cookies.txt -> Clickzs : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\ql446ltu.default\cookies.txt -> Burstbeacon : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\ql446ltu.default\cookies.txt -> Casalemedia : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\ql446ltu.default\cookies.txt -> Casalemedia : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\ql446ltu.default\cookies.txt -> Casalemedia : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\4c36qegl.default\cookies.txt -> Tacoda : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\4c36qegl.default\cookies.txt -> Tacoda : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\4c36qegl.default\cookies.txt -> Tacoda : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\4c36qegl.default\cookies.txt -> Tacoda : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\4c36qegl.default\cookies.txt -> Tacoda : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\4c36qegl.default\cookies.txt -> Atdmt : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\4c36qegl.default\cookies.txt -> Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\4c36qegl.default\cookies.txt -> Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\4c36qegl.default\cookies.txt -> Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Alyssa\Application Data\Mozilla\Firefox\Profiles\4c36qegl.default\cookies.txt -> Tribalfusion : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Fastclick : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Fastclick : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Fastclick : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Fastclick : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Fastclick : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Fastclick : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Atdmt : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Tribalfusion : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Tribalfusion : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Advertising : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Advertising : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Advertising : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Tribalfusion : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Advertising : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Tribalfusion : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Doubleclick : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Yieldmanager : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Yieldmanager : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Yieldmanager : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Yieldmanager : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Mediaplex : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Casalemedia : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Casalemedia : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Casalemedia : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Casalemedia : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Casalemedia : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Casalemedia : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Casalemedia : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Casalemedia : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Realcastmedia : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Realcastmedia : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Trafficmp : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Trafficmp : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Trafficmp : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Trafficmp : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Trafficmp : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Trafficmp : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Trafficmp : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Trafficmp : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Trafficmp : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Questionmarket : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Questionmarket : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> 2o7 : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> 2o7 : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Adrevolver : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Adrevolver : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Adrevolver : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Adrevolver : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Adrevolver : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Adserver : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Adserver : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Adserver : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Serving-sys : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Serving-sys : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Serving-sys : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Serving-sys : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Bridgetrack : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Bridgetrack : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Bridgetrack : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Serving-sys : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Tradedoubler : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Valueclick : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Valueclick : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Ru4 : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Ru4 : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt -> Ru4 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\dv6g3qz4.default\cookies.txt -> Adrevolver : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\dv6g3qz4.default\cookies.txt -> Zedo : Cleaned with backup
D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Hotbar51.zip/bin/4.2.8.0/HbHostOE.dll -> Adware.HotBar : Error during cleaning


::Report End



Hijack This Log

Logfile of HijackThis v1.99.1
Scan saved at 4:37:21 AM, on 3/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\RDS\svcagnt.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Diskeeper 10 Professional Edition Registration.lnk = C:\Program Files\Diskeeper Corporation\Diskeeper\ESIRegister.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://windowsecurit...an/TDECntrl.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120237295078
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com...tall/AxCtp2.cab
O16 - DPF: {D670D0B3-05AB-4115-9F87-D983EF1AC747} (AOL Downloader Plugin) - http://pak04.picture...US.9.1.6.18.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O18 - Protocol: bw+0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Windows Desktop Security (dtsagntsvc) - Unknown owner - C:\Program Files\RDS\svcagnt.exe" /svc (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect Express HD\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
:D

#4 Siggyx


Posted 10 March 2006 - 06:51 PM

Click here to run ActiveScan.
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Paste the contents of the Panda scan report along with a new HijackThis Log in your next reply.

#5 Tommy2117


Posted 11 March 2006 - 09:02 AM

Panda Scan


Incident Status Location

Virus:Trj/Keylog.CJ Not disinfected Operating system
Adware:adware/centim Not disinfected C:\Documents and Settings\Tommy\Local Settings\Temp\well41.exe
Spyware:spyware/cws.olehelp Not disinfected Windows Registry
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\ql446ltu.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\ql446ltu.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/WUpd Not disinfected C:\FOUND.002\FILE0004.CHK
Virus:Trj/Keylog.CJ Not disinfected C:\Program Files\RDS\dtsproc.dll
Virus:Eicar.Mod Not disinfected C:\Program Files\PestPatrol\Help.chm[HowCanITestDetection.html]
Spyware:Cookie/RealMedia Not disinfected C:\FOUND.017\FILE0004.CHK
Spyware:Cookie/RealMedia Not disinfected C:\FOUND.017\FILE0005.CHK
Possible Virus. Not disinfected C:\Documents and Settings\Tommy\Local Settings\Temp\well41.exe
Adware:Adware/SaveNow Not disinfected C:\Documents and Settings\Tommy\My Documents\old My Documents\Ashley's saved pictures\My Pictures\hhousefree.exe[BSAVEINST.EXE]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\ql446ltu.default\cookies.txt[]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Alyssa\Cookies\alyssa@target[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Alyssa\Cookies\alyssa@target[3].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Alyssa\Cookies\alyssa@banner[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Alyssa\Cookies\alyssa@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Alyssa\Cookies\alyssa@dist.belnk[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Alyssa\Cookies\alyssa@ath.belnk[3].txt
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\Alyssa\Cookies\alyssa@64.62.232[4].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Alyssa\Cookies\alyssa@dist.belnk[3].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Alyssa\Cookies\alyssa@ath.belnk[1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Alyssa\Cookies\alyssa@banner[3].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Alyssa\Cookies\alyssa@belnk[3].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@trafficmp[1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@banner[3].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@offeroptimizer[1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@banner[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@ath.belnk[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@dist.belnk[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@questionmarket[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@did-it[2].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@entrepreneur[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@belnk[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@z1.adserver[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@ath.belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@dist.belnk[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@casalemedia[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@belnk[3].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@tribalfusion[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@adrevolver[3].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@realmedia[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@tradedoubler[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@serving-sys[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Ashley\Cookies\ashley@ad.yieldmanager[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Ashley\Application Data\Mozilla\Firefox\Profiles\qldy0ktw.default\cookies.txt[]
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Rachel\Cookies\rachel@CA0DQBS9.txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Rachel\Cookies\rachel@go[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Donna\Cookies\donna@i.screensavers[1].txt
Virus:Trj/Zapchast.BI Not disinfected C:\winupd.bat.tcf
Spyware:Cookie/421 Not disinfected D:\WINDOWS\Cookies\thomas hickey@421[1].txt
Spyware:Cookie/Xiti Not disinfected D:\WINDOWS\Cookies\thomas hickey@xiti[1].txt
Spyware:Cookie/go Not disinfected D:\WINDOWS\Cookies\thomas hickey@go[1].txt
Spyware:Cookie/GoStats Not disinfected D:\WINDOWS\Cookies\thomas hickey@c3.gostats[2].txt
Adware:Adware/Comet Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CometCursors.zip[sbRecovery.reg]
Adware:Adware/Comet Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CometCursors1.zip[sbRecovery.reg]
Adware:Adware/Comet Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CometCursors68.zip[sbRecovery.reg]
Adware:Adware/Comet Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CometCursors104.zip[sbRecovery.reg]
Adware:Adware/Comet Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CometCursors105.zip[sbRecovery.reg]
Adware:Adware/Comet Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CometCursors109.zip[CC_43.inf]
Adware:Adware/Comet Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CometCursors110.zip[CC_43.inf]
Adware:Adware/SideStep Not disinfected D:\Program Files\Spybot - Search & Destroy 1.1\Recovery\SideStep5.zip[SbCIe026.dll]
Adware:Adware/SaveNow Not disinfected D:\old My Documents\Ashley's saved pictures\My Pictures\hhousefree.exe[BSAVEINST.EXE]


Hijack This Log

Logfile of HijackThis v1.99.1
Scan saved at 9:57:51 AM, on 3/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\RDS\svcagnt.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Diskeeper 10 Professional Edition Registration.lnk = C:\Program Files\Diskeeper Corporation\Diskeeper\ESIRegister.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://windowsecurit...an/TDECntrl.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120237295078
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com...tall/AxCtp2.cab
O16 - DPF: {D670D0B3-05AB-4115-9F87-D983EF1AC747} (AOL Downloader Plugin) - http://pak04.picture...US.9.1.6.18.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O18 - Protocol: bw+0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Windows Desktop Security (dtsagntsvc) - Unknown owner - C:\Program Files\RDS\svcagnt.exe" /svc (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect Express HD\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

#6 Siggyx

Posted 11 March 2006 - 09:11 AM

Please download and run CWShredder. Make sure that all browser windows are closed with the exception of CWShredder and choose FIX.

http://www.majorgeek...7fd6b3ff02edc90

REBOOT

Step #2

Please download and run Spybot 1.4 & AdAware SE. Then follow the instructions in the link below to run.

Spybot & Adaware Tutorial

REBOOT

Step #3

Then do 2 virus scans here >>>

Trend Micro

Panda

Reboot and post a new HiJackThis log.

#7 Tommy2117

Posted 12 March 2006 - 06:56 PM

Hi Siggyx

Here's the log you requested. How's it look now?

Logfile of HijackThis v1.99.1
Scan saved at 7:50:53 PM, on 3/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\RDS\svcagnt.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Diskeeper 10 Professional Edition Registration.lnk = C:\Program Files\Diskeeper Corporation\Diskeeper\ESIRegister.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://windowsecurit...an/TDECntrl.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120237295078
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com...tall/AxCtp2.cab
O16 - DPF: {D670D0B3-05AB-4115-9F87-D983EF1AC747} (AOL Downloader Plugin) - http://pak04.picture...US.9.1.6.18.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O18 - Protocol: bw+0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E4195263-6119-4F8A-9069-EE6FBDEB2218} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Windows Desktop Security (dtsagntsvc) - Unknown owner - C:\Program Files\RDS\svcagnt.exe" /svc (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect Express HD\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

#8 Siggyx

Posted 12 March 2006 - 07:37 PM

Looks OK. How is it running?

#9 Tommy2117

Posted 12 March 2006 - 09:39 PM

Running a lot better now. Thanks for your time and help. Tommy :wavey:

#10 Siggyx

Posted 12 March 2006 - 10:13 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418
