Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

CoolWWWSearch Feat2DLL and Installer

Started by Igloo225 , May 29 2006 11:24 AM

  • This topic is locked This topic is locked
10 replies to this topic

#1 Igloo225

Igloo225

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 29 May 2006 - 11:24 AM

Hi,

SpyBot hangs on either CWS Feat or Installer when I run it. Can't seem to find the problem. Is CSW on my machine? I don't see anything on the hijack log but I feel sure it's there. If it isn't what else could it be? Here's the hijackthis log I just made:

Logfile of HijackThis v1.99.1
Scan saved at 1:10:17 PM, on 06.05.29
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Matrox Graphics Inc\PowerDesk HF\Matrox.PowerDesk.PDeskNet.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
C:\software installs\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\software installs\SetPoint\SetPoint.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\mRouterRuntime.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CapMan.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\ElogErr.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\BROADC~1.EXE
C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\SCRFS.exe
c:\program files\matrox graphics inc\powerdesk hf\Matrox.PowerDesk.Communications.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\ADMINI~1\MYDOCU~1\MYDOWN~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox PowerDesk 8] "C:\Program Files\Matrox Graphics Inc\PowerDesk HF\matrox.powerdesk.exe" /silent
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUSE32A.EXE
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
O4 - HKCU\..\Run: [LDM] C:\software installs\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\software installs\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\software installs\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Phone Connection Monitor.lnk = C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicr...scan/as4web.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{68250D82-B5EF-4CBC-B72C-CA04792F12D2}: NameServer = 142.163.255.4,209.128.1.4
O18 - Protocol: bw+0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\software installs\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


I would appreciate any help - even if it's to say that CSW isn't the problem....

Thanks,

David

    Advertisements

Register to Remove

#2 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 29 May 2006 - 03:45 PM

Please download and run CWShredder here
Make sure that all browser windows are closed with the exception of Cwshredder and choose FIX.

We have found that some of the CWS infections can be removed better from safe mode, rather than normal mode.
To get to safe mode use the F8 key while booting the machine.
Detailed instructions from here

Then post another log. Also is there other users on this PC.
Posted Image
My Website
ATF Cleaner for removing temporary files
HijackThis download
Donations to this site

#3 Igloo225

Igloo225

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 29 May 2006 - 06:22 PM

Please download and run CWShredder here
Make sure that all browser windows are closed with the exception of Cwshredder and choose FIX.

We have found that some of the CWS infections can be removed better from safe mode, rather than normal mode.
To get to safe mode use the F8 key while booting the machine.
Detailed instructions from here

Then post another log. Also is there other users on this PC.


There is no other user on this machine; although, in the past, it was networked.

Re-booting in safe-mode took a very long time - 2 minutes to boot up. Never seen that before.

Here are the logs I took while in safe mode, both CWShredder and another hijackthis.

Thank you for your interest and help.

CWShredder:
**** Run Keys ****

RUN: [Synchronization Manager] mobsync.exe /logon
RUN: [Matrox PowerDesk 8] "C:\Program Files\Matrox Graphics Inc\PowerDesk HF\matrox.powerdesk.exe" /silent
RUN: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
RUN: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
RUN: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
RUN: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
RUN: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
RUN: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUSE32A.EXE
RUN: [LWBKEYBOARD] C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
RUN: []
RUN: [LDM] C:\software installs\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe


**** Browser Helper Objects ****

BHO: [AcroIEHlprObj Class] C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
BHO: [SpywareGuardDLBLOCK.CBrowserHelper] C:\Program Files\SpywareGuard\dlprotect.dll
BHO: [] C:\DOCUME~1\ADMINI~1\MYDOCU~1\MYDOWN~1\SPYBOT~1\SDHelper.dll
BHO: [SSVHelper Class] C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
BHO: [Google Toolbar Helper] c:\program files\google\googletoolbar2.dll
BHO: [AcroIEToolbarHelper Class] C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll


**** IE Toolbars ****

TOOLBAR: [@msdxmLC.dll,-1@1033,&Radio] C:\WINNT\system32\msdxm.ocx
TOOLBAR: [Adobe PDF] C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
TOOLBAR: [&Google] c:\program files\google\googletoolbar2.dll


**** IE Extensions ****



**** Hosts File Entries ****

HOSTS: 127.0.0.1 localhost
HOSTS: 127.0.0.1 localhost
HOSTS: 127.0.0.1 localhost


**** IE Settings ****

Default Page: http://www.microsoft...er=6&ar=msnhome
Default Search: http://www.microsoft...=ie&ar=iesearch
Local Page: C:\WINNT\system32\blank.htm
Search Bar: http://www.google.com/ie
Search Page: http://www.microsoft...=ie&ar=iesearch


**** IE Context Menu (Right click) ****

IEContext: [&Google Search] res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IEContext: [&Translate English Word] res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IEContext: [Backward Links] res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IEContext: [Cached Snapshot of Page] res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
IEContext: [E&xport to Microsoft Excel] res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
IEContext: [Similar Pages] res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html


**** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{18360561-0691-4F8B-AF1E-8DD016B702F7}] SEQPACKET 5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{18360561-0691-4F8B-AF1E-8DD016B702F7}] DATAGRAM 5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{68250D82-B5EF-4CBC-B72C-CA04792F12D2}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{68250D82-B5EF-4CBC-B72C-CA04792F12D2}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C3DBD832-027D-4396-806A-9A197DA56471}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C3DBD832-027D-4396-806A-9A197DA56471}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F559DCC1-64C5-43EE-9F75-7C89358A5557}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F559DCC1-64C5-43EE-9F75-7C89358A5557}] DATAGRAM 2


**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No


**** Downloaded Program Files ****

{8AD9C840-044E-11D1-B3E9-00805F499D93} [http://java.sun.com/...ndows-i586.cab]
{B1826A9F-4AA0-4510-BA77-9013E74E4B9B} [http://www.trendmicr...can/as4web.cab] C:\WINNT\Downloaded Program Files\SpSubRx.exe
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [http://java.sun.com/...ndows-i586.cab]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [http://java.sun.com/...ndows-i586.cab]
{D27CDB6E-AE6D-11CF-96B8-444553540000} [http://fpdownload.ma...sh/swflash.cab]


**** Windows Services ****

[Aic1npeca]
[Alerter] %SystemRoot%\system32\services.exe
[AppMgmt] %SystemRoot%\system32\services.exe
[aspnet_state] %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
[ATMsrvc] %SystemRoot%\System32\ATMsrvc.exe
[Autodesk Licensing Service] "C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"
[Avg7Alrt] C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
[Avg7UpdSvc] C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
[AVGEMS] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
[awhost32] C:\Program Files\Symantec\pcAnywhere\awhost32.exe
[BITS] %SystemRoot%\system32\svchost.exe -k BITSgroup
[Browser] %SystemRoot%\system32\services.exe
[C-DillaCdaC11BA] C:\WINNT\system32\drivers\CDAC11BA.EXE
[cisvc] C:\WINNT\system32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[clr_optimization_v2.0.50727_32] C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
[DCPFLICS] C:\Program Files\DCPFLICS\DCPFLICS.exe
[Dhcp] %SystemRoot%\system32\services.exe
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\services.exe
[Dnscache] %SystemRoot%\system32\services.exe
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINNT\system32\svchost.exe -k netsvcs
[Fax] %systemroot%\system32\faxsvc.exe
[HidServ] %SystemRoot%\system32\hidserv.exe
[IDriverT] "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
[lanmanserver] %SystemRoot%\system32\services.exe
[lanmanworkstation] %SystemRoot%\system32\services.exe
[LmHosts] %SystemRoot%\system32\services.exe
[Messenger] %SystemRoot%\system32\services.exe
[mi-raysat_3dsmax8] "C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe"
[mnmsrvc] C:\WINNT\system32\mnmsrvc.exe
[MSDTC] C:\WINNT\system32\msdtc.exe
[MSIServer] C:\WINNT\system32\msiexec.exe /V
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\system32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[NtLmSsp] %SystemRoot%\system32\lsass.exe
[NtmsSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[PlugPlay] %SystemRoot%\system32\services.exe
[PolicyAgent] %SystemRoot%\system32\lsass.exe
[PPPoEService] C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
[ProtectedStorage] %SystemRoot%\system32\services.exe
[RasAuto] %SystemRoot%\system32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\system32\svchost.exe -k netsvcs
[RemoteAccess] %SystemRoot%\system32\svchost.exe -k netsvcs
[RemoteRegistry] %SystemRoot%\system32\regsvc.exe
[RpcLocator] %SystemRoot%\system32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\system32\rsvp.exe -s
[SamSs] %SystemRoot%\system32\lsass.exe
[SCardDrv] %SystemRoot%\System32\SCardSvr.exe
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\system32\MSTask.exe
[SDhelper] C:\Program Files\Spyware Doctor\sdhelp.exe
[seclogon] %SystemRoot%\system32\services.exe
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[sfmgr] C:\3dsmax6\brazil\Brazil\Licensing\sfmgr\sfmgr.exe
[SharedAccess] %SystemRoot%\system32\svchost.exe -k netsvcs
[SoundMAX Agent Service (default)] C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
[Spooler] %SystemRoot%\system32\spoolsv.exe
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TlntSvr] %SystemRoot%\system32\tlntsvr.exe
[TrkWks] %SystemRoot%\system32\services.exe
[UPS] %SystemRoot%\System32\ups.exe
[UtilMan] %SystemRoot%\System32\UtilMan.exe
[W32Time] %SystemRoot%\System32\services.exe
[WinMgmt] %SystemRoot%\System32\WBEM\WinMgmt.exe
[WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs
[Wmi] %SystemRoot%\system32\Services.exe
[wuauserv] %systemroot%\system32\svchost.exe -k wugroup
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs


**** Custom IE Search Items ****

SEARCH: [SearchAssistant] http://ie.search.msn...st/srchasst.htm
SEARCH: [CustomizeSearch] http://ie.search.msn...st/srchcust.htm


**** Complete IE Options ****

IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page] C:\WINNT\system32\blank.htm
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] http://www.microsoft...er=6&ar=msnhome
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Search Page] http://www.microsoft...=ie&ar=iesearch
IEOPT: [Q261272] yes
IEOPT: [FullScreen] no
IEOPT: [Window_Placement] ,
IEOPT: [Disable Script Debugger] yes
IEOPT: [Use FormSuggest] no
IEOPT: [AutoSearch]
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [Error Dlg Details Pane Open] no
IEOPT: [NotifyDownloadComplete] yes
IEOPT: [Use Search Asst] no
IEOPT: [Search Bar] http://www.google.com/ie
IEOPT: [Enable Browser Extensions] yes
IEOPT: [ShowedCheckBrowser] Yes
IEOPT: [Check_Associations] no
IEOPT: [Start Page] http://www.microsoft...B_PVER}&ar=home
IEOPT: [Default_Page_URL] http://www.microsoft...er=6&ar=msnhome
IEOPT: [Default_Search_URL] http://www.microsoft...=ie&ar=iesearch
IEOPT: [Search Page] http://www.microsoft...=ie&ar=iesearch
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] %SystemRoot%\system32\blank.htm
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Wizard_Version] 6.00.2800.1106
IEOPT: [FullScreen] no
IEOPT: [Check_Associations] yes

hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 7:57:33 PM, on 06.05.29
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\ADMINI~1\MYDOCU~1\MYDOWN~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox PowerDesk 8] "C:\Program Files\Matrox Graphics Inc\PowerDesk HF\matrox.powerdesk.exe" /silent
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUSE32A.EXE
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
O4 - HKCU\..\Run: [LDM] C:\software installs\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\software installs\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\software installs\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Phone Connection Monitor.lnk = C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicr...scan/as4web.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{68250D82-B5EF-4CBC-B72C-CA04792F12D2}: NameServer = 142.163.255.4,209.128.1.4
O18 - Protocol: bw+0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\software installs\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

David

#4 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 29 May 2006 - 07:29 PM

Run cwshreadder in safemode and hijackthis after you reboot.

When you run cwshreadder chose fix>
Posted Image
My Website
ATF Cleaner for removing temporary files
HijackThis download
Donations to this site

#5 Igloo225

Igloo225

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 29 May 2006 - 07:50 PM

Run cwshreadder in safemode and hijackthis after you reboot.

When you run cwshreadder chose fix>


Here's the log of CWShredder in safe mode:

**** Run Keys ****

RUN: [Synchronization Manager] mobsync.exe /logon
RUN: [Matrox PowerDesk 8] "C:\Program Files\Matrox Graphics Inc\PowerDesk HF\matrox.powerdesk.exe" /silent
RUN: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
RUN: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
RUN: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
RUN: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
RUN: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
RUN: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUSE32A.EXE
RUN: [LWBKEYBOARD] C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
RUN: []
RUN: [LDM] C:\software installs\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe


**** Browser Helper Objects ****

BHO: [AcroIEHlprObj Class] C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
BHO: [SpywareGuardDLBLOCK.CBrowserHelper] C:\Program Files\SpywareGuard\dlprotect.dll
BHO: [] C:\DOCUME~1\ADMINI~1\MYDOCU~1\MYDOWN~1\SPYBOT~1\SDHelper.dll
BHO: [SSVHelper Class] C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
BHO: [Google Toolbar Helper] c:\program files\google\googletoolbar2.dll
BHO: [AcroIEToolbarHelper Class] C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll


**** IE Toolbars ****

TOOLBAR: [@msdxmLC.dll,-1@1033,&Radio] C:\WINNT\system32\msdxm.ocx
TOOLBAR: [Adobe PDF] C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
TOOLBAR: [&Google] c:\program files\google\googletoolbar2.dll


**** IE Extensions ****



**** Hosts File Entries ****

HOSTS: 127.0.0.1 localhost
HOSTS: 127.0.0.1 localhost
HOSTS: 127.0.0.1 localhost


**** IE Settings ****

Default Page: http://www.microsoft...er=6&ar=msnhome
Default Search: http://www.microsoft...=ie&ar=iesearch
Local Page: C:\WINNT\system32\blank.htm
Search Bar: http://www.google.com/ie
Search Page: http://www.microsoft...=ie&ar=iesearch


**** IE Context Menu (Right click) ****

IEContext: [&Google Search] res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IEContext: [&Translate English Word] res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IEContext: [Backward Links] res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IEContext: [Cached Snapshot of Page] res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
IEContext: [E&xport to Microsoft Excel] res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
IEContext: [Similar Pages] res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html


**** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{18360561-0691-4F8B-AF1E-8DD016B702F7}] SEQPACKET 5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{18360561-0691-4F8B-AF1E-8DD016B702F7}] DATAGRAM 5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{68250D82-B5EF-4CBC-B72C-CA04792F12D2}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{68250D82-B5EF-4CBC-B72C-CA04792F12D2}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C3DBD832-027D-4396-806A-9A197DA56471}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C3DBD832-027D-4396-806A-9A197DA56471}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F559DCC1-64C5-43EE-9F75-7C89358A5557}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F559DCC1-64C5-43EE-9F75-7C89358A5557}] DATAGRAM 2


**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No


**** Downloaded Program Files ****

{8AD9C840-044E-11D1-B3E9-00805F499D93} [http://java.sun.com/...ndows-i586.cab]
{B1826A9F-4AA0-4510-BA77-9013E74E4B9B} [http://www.trendmicr...can/as4web.cab] C:\WINNT\Downloaded Program Files\SpSubRx.exe
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [http://java.sun.com/...ndows-i586.cab]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [http://java.sun.com/...ndows-i586.cab]
{D27CDB6E-AE6D-11CF-96B8-444553540000} [http://fpdownload.ma...sh/swflash.cab]


**** Windows Services ****

[Aic1npeca]
[Alerter] %SystemRoot%\system32\services.exe
[AppMgmt] %SystemRoot%\system32\services.exe
[aspnet_state] %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
[ATMsrvc] %SystemRoot%\System32\ATMsrvc.exe
[Autodesk Licensing Service] "C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"
[Avg7Alrt] C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
[Avg7UpdSvc] C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
[AVGEMS] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
[awhost32] C:\Program Files\Symantec\pcAnywhere\awhost32.exe
[BITS] %SystemRoot%\system32\svchost.exe -k BITSgroup
[Browser] %SystemRoot%\system32\services.exe
[C-DillaCdaC11BA] C:\WINNT\system32\drivers\CDAC11BA.EXE
[cisvc] C:\WINNT\system32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[clr_optimization_v2.0.50727_32] C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
[DCPFLICS] C:\Program Files\DCPFLICS\DCPFLICS.exe
[Dhcp] %SystemRoot%\system32\services.exe
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\services.exe
[Dnscache] %SystemRoot%\system32\services.exe
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINNT\system32\svchost.exe -k netsvcs
[Fax] %systemroot%\system32\faxsvc.exe
[HidServ] %SystemRoot%\system32\hidserv.exe
[IDriverT] "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
[lanmanserver] %SystemRoot%\system32\services.exe
[lanmanworkstation] %SystemRoot%\system32\services.exe
[LmHosts] %SystemRoot%\system32\services.exe
[Messenger] %SystemRoot%\system32\services.exe
[mi-raysat_3dsmax8] "C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe"
[mnmsrvc] C:\WINNT\system32\mnmsrvc.exe
[MSDTC] C:\WINNT\system32\msdtc.exe
[MSIServer] C:\WINNT\system32\msiexec.exe /V
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\system32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[NtLmSsp] %SystemRoot%\system32\lsass.exe
[NtmsSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[PlugPlay] %SystemRoot%\system32\services.exe
[PolicyAgent] %SystemRoot%\system32\lsass.exe
[PPPoEService] C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
[ProtectedStorage] %SystemRoot%\system32\services.exe
[RasAuto] %SystemRoot%\system32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\system32\svchost.exe -k netsvcs
[RemoteAccess] %SystemRoot%\system32\svchost.exe -k netsvcs
[RemoteRegistry] %SystemRoot%\system32\regsvc.exe
[RpcLocator] %SystemRoot%\system32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\system32\rsvp.exe -s
[SamSs] %SystemRoot%\system32\lsass.exe
[SCardDrv] %SystemRoot%\System32\SCardSvr.exe
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\system32\MSTask.exe
[SDhelper] C:\Program Files\Spyware Doctor\sdhelp.exe
[seclogon] %SystemRoot%\system32\services.exe
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[sfmgr] C:\3dsmax6\brazil\Brazil\Licensing\sfmgr\sfmgr.exe
[SharedAccess] %SystemRoot%\system32\svchost.exe -k netsvcs
[SoundMAX Agent Service (default)] C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
[Spooler] %SystemRoot%\system32\spoolsv.exe
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TlntSvr] %SystemRoot%\system32\tlntsvr.exe
[TrkWks] %SystemRoot%\system32\services.exe
[UPS] %SystemRoot%\System32\ups.exe
[UtilMan] %SystemRoot%\System32\UtilMan.exe
[W32Time] %SystemRoot%\System32\services.exe
[WinMgmt] %SystemRoot%\System32\WBEM\WinMgmt.exe
[WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs
[Wmi] %SystemRoot%\system32\Services.exe
[wuauserv] %systemroot%\system32\svchost.exe -k wugroup
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs


**** Custom IE Search Items ****

SEARCH: [SearchAssistant] http://ie.search.msn...st/srchasst.htm
SEARCH: [CustomizeSearch] http://ie.search.msn...st/srchcust.htm


**** Complete IE Options ****

IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page] C:\WINNT\system32\blank.htm
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] http://www.microsoft...er=6&ar=msnhome
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Search Page] http://www.microsoft...=ie&ar=iesearch
IEOPT: [Q261272] yes
IEOPT: [FullScreen] no
IEOPT: [Window_Placement] ,
IEOPT: [Disable Script Debugger] yes
IEOPT: [Use FormSuggest] no
IEOPT: [AutoSearch]
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [Error Dlg Details Pane Open] no
IEOPT: [NotifyDownloadComplete] yes
IEOPT: [Use Search Asst] no
IEOPT: [Search Bar] http://www.google.com/ie
IEOPT: [Enable Browser Extensions] yes
IEOPT: [ShowedCheckBrowser] Yes
IEOPT: [Check_Associations] no
IEOPT: [Start Page] http://www.microsoft...B_PVER}&ar=home
IEOPT: [Default_Page_URL] http://www.microsoft...er=6&ar=msnhome
IEOPT: [Default_Search_URL] http://www.microsoft...=ie&ar=iesearch
IEOPT: [Search Page] http://www.microsoft...=ie&ar=iesearch
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] %SystemRoot%\system32\blank.htm
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Wizard_Version] 6.00.2800.1106
IEOPT: [FullScreen] no
IEOPT: [Check_Associations] yes

hijackthis in normal:
Logfile of HijackThis v1.99.1
Scan saved at 9:43:23 PM, on 06.05.29
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk HF\Matrox.PowerDesk.PDeskNet.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
C:\software installs\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\software installs\SetPoint\SetPoint.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\mRouterRuntime.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CapMan.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\ElogErr.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\BROADC~1.EXE
C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\SCRFS.exe
c:\program files\matrox graphics inc\powerdesk hf\Matrox.PowerDesk.Communications.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\ADMINI~1\MYDOCU~1\MYDOWN~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox PowerDesk 8] "C:\Program Files\Matrox Graphics Inc\PowerDesk HF\matrox.powerdesk.exe" /silent
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUSE32A.EXE
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
O4 - HKCU\..\Run: [LDM] C:\software installs\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\software installs\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\software installs\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Phone Connection Monitor.lnk = C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicr...scan/as4web.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{68250D82-B5EF-4CBC-B72C-CA04792F12D2}: NameServer = 142.163.255.4,209.128.1.4
O18 - Protocol: bw+0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\software installs\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

#6 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 30 May 2006 - 04:38 AM

Download Ewido Security Suite it is a trial version of the program.
  • Install ewido security suite
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop.
Now close ewido security suite and post the results here.
With a new hijackthis log.
Posted Image
My Website
ATF Cleaner for removing temporary files
HijackThis download
Donations to this site

#7 Igloo225

Igloo225

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 30 May 2006 - 09:44 AM

Downloaded and ran Ewido in normal mode. Shut down and re-booted as had been the case with Trend Micro, etc. Tried it three times. Ran it in safe mode and it got all the way through.

Here's the report. Since it only showed tracking cookies, I clicked "clean". Seems it didn't work:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:25:53 AM, 06.05.30
+ Report-Checksum: D770E8FD

+ Scan result:

:mozilla.11:C:\Documents and Settings\Administrator\My Documents\Firefox 1.5.0.1 (en-US) - 2006-02-11.pcv/cookies.txt -> TrackingCookie.Com : Error during cleaning
:mozilla.12:C:\Documents and Settings\Administrator\My Documents\Firefox 1.5.0.1 (en-US) - 2006-02-11.pcv/cookies.txt -> TrackingCookie.Com : Error during cleaning
:mozilla.13:C:\Documents and Settings\Administrator\My Documents\Firefox 1.5.0.1 (en-US) - 2006-02-11.pcv/cookies.txt -> TrackingCookie.Com : Error during cleaning
:mozilla.18:C:\Documents and Settings\Administrator\My Documents\Firefox 1.5.0.1 (en-US) - 2006-02-11.pcv/cookies.txt -> TrackingCookie.Doubleclick : Error during cleaning
:mozilla.24:C:\Documents and Settings\Administrator\My Documents\Firefox 1.5.0.1 (en-US) - 2006-02-11.pcv/cookies.txt -> TrackingCookie.Mediaplex : Error during cleaning
:mozilla.25:C:\Documents and Settings\Administrator\My Documents\Firefox 1.5.0.1 (en-US) - 2006-02-11.pcv/cookies.txt -> TrackingCookie.Tribalfusion : Error during cleaning
:mozilla.27:C:\Documents and Settings\Administrator\My Documents\Firefox 1.5.0.1 (en-US) - 2006-02-11.pcv/cookies.txt -> TrackingCookie.Trafic : Error during cleaning
:mozilla.35:C:\Documents and Settings\Administrator\My Documents\Firefox 1.5.0.1 (en-US) - 2006-02-11.pcv/cookies.txt -> TrackingCookie.Tacoda : Error during cleaning
:mozilla.45:C:\Documents and Settings\Administrator\My Documents\Firefox 1.5.0.1 (en-US) - 2006-02-11.pcv/cookies.txt -> TrackingCookie.Qksrv : Error during cleaning
:mozilla.81:C:\Documents and Settings\Administrator\My Documents\Firefox 1.5.0.1 (en-US) - 2006-02-11.pcv/cookies.txt -> TrackingCookie.Onestat : Error during cleaning
:mozilla.82:C:\Documents and Settings\Administrator\My Documents\Firefox 1.5.0.1 (en-US) - 2006-02-11.pcv/cookies.txt -> TrackingCookie.Onestat : Error during cleaning


::Report End

Here's my latest hijackthis report:
Logfile of HijackThis v1.99.1
Scan saved at 11:33:18 AM, on 06.05.30
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Matrox Graphics Inc\PowerDesk HF\Matrox.PowerDesk.PDeskNet.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
C:\software installs\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\software installs\SetPoint\SetPoint.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\mRouterRuntime.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CapMan.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\ElogErr.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\BROADC~1.EXE
C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\SCRFS.exe
c:\program files\matrox graphics inc\powerdesk hf\Matrox.PowerDesk.Communications.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\ADMINI~1\MYDOCU~1\MYDOWN~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox PowerDesk 8] "C:\Program Files\Matrox Graphics Inc\PowerDesk HF\matrox.powerdesk.exe" /silent
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUSE32A.EXE
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
O4 - HKCU\..\Run: [LDM] C:\software installs\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\software installs\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\software installs\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Phone Connection Monitor.lnk = C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicr...scan/as4web.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{68250D82-B5EF-4CBC-B72C-CA04792F12D2}: NameServer = 142.163.255.4,209.128.1.4
O18 - Protocol: bw+0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\software installs\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {AFB7715B-FFAC-43B4-8741-ED755BBF1BC6} - C:\software installs\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

I look forward to your reply; and thanks again for your interest and support.

David

#8 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 30 May 2006 - 05:27 PM

Remove SpywareGuard
Download and run ATF Cleaner
Then reinstall Spyware guard.

Edited by little eagle, 30 May 2006 - 05:29 PM.

Posted Image
My Website
ATF Cleaner for removing temporary files
HijackThis download
Donations to this site

#9 Igloo225

Igloo225

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 30 May 2006 - 08:54 PM

Uninstalled SG; ran AFT and cleared all except my saved passwords. Re-installed SG. Ran CWShredder - nothing showed up. Ran CCleaner. Tried SB-S&D - it hung on CoolWWWSearch.Feat2DLL. On closing it, got a pop-up: "This program cannot be closed. Debugging...". Clicked "OK" and it closed. No change in how my computer is working - still very slow, hangs, opens blank pages, auto-reboots....

#10 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 31 May 2006 - 04:32 AM

Try running spybot in safe mode don't close it it may be just scanning, and looks like it hung give it time.

I don't think you have Feat2DLL, your log is not showing anything.

http://forums.spybot...hlight=Feat2DLL
Posted Image
My Website
ATF Cleaner for removing temporary files
HijackThis download
Donations to this site

#11 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 20 June 2006 - 06:18 AM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
Posted Image
My Website
ATF Cleaner for removing temporary files
HijackThis download
Donations to this site

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·