
Help with removing Zlob Video Active X Object


  • This topic is locked
27 replies to this topic

#1 LeftoverQuack


Posted 05 March 2007 - 10:17 PM

Hey, I haven't been having any problems (that I know of) but have run several scans and this keeps popping up. I've used Spybot S&D, McAfee, Ad-Aware SE Personal, SmitFraudFix, and even Windows Defender. All say they deleted or quarantined it, but it still pops up. I don't know what else to do. I have been reading the forums, but every case is slightly different. So I hope you guys can help, and it would be greatly appreciated.

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:10:38 PM, on 3/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - (no file)
O2 - BHO: (no name) - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - (no file)
O2 - BHO: (no name) - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRA~1\Yahoo!\common\YIeTagBm.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.8.6.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [ProfileWatcher] C:\Program Files\ProfileWatcher\profilewatcher.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\JOHNQU~1\LOCALS~1\TEMPOR~1\Content.IE5\DWR6EXHQ\APP_1_~1.SH! C:\DOCUME~1\JOHNQU~1\LOCALS~1\TEMPOR~1\Content.IE5\DWR6EXHQ\INAFAB~1.SH! C:\DOCUME~1\JOHNQU~1\LOCALS~1\TEMPOR~1\Content.IE5\ICKPH0UB\NO_CON~1.SH! C:\DOCUME~1\JOHNQU~1\LOCALS~1\TEMPOR~1\Content.IE5\ICKPH0UB\DC_2_~1.SH! C:\DOCUME~1\JOHNQU~1\LOCALS~1\TEMPOR~1\Content.IE5\DDJIZDOR\DWB8C5~1.SH!
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZRxdm103YYUS
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} -
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} -
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} -
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} -
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} -
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by105fd.bay10...ex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -
O18 - Protocol: bw+0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe

I saw some suggestions in other forums, but since I don't know 100% of what I'm doing, I thought I'd go by your (to whomever) advice before I do anything that I may regret later. Thanks, John



#2 beynac


Posted 11 March 2007 - 07:25 AM

Hi LeftoverQuack.

Welcome to TomCoyote forums! I'm sorry that you've been kept waiting. I'm looking through your log now, and will post back very shortly.

In the meantime, as it's been a few days since you posted, I would like to see a new HijackThis log and a current SmitfraudFix scan please.

SmitFraudFix (by S!Ri)

Please delete your copy of SmitFraudFix as we need to make sure that you have the most recent version.
  • Please download SmitFraudFix from here and save it to your Desktop.
  • Double-click on Smitfraud.exe - this will create a SmitfraudFix folder.
  • Open the folder and double-click smitfraudfix.cmd
  • Select option #1 - Search by typing 1 and press Enter - a text file will appear, which lists infected files (if present).
Do not run any of the other options at this stage.

Please copy/paste the content of the report (c:\rapport.txt) into your next reply, together with a new HijackThis log.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a 'RiskTool'; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between 'good' and 'malicious' use of such programs, therefore they may alert the user.

Edited by beynac, 11 March 2007 - 07:41 AM.

beynac
Honors Graduate of MalWare Removal University - A Cooperative Effort with What the Tech Classroom
Member of the Alliance of Security Analysis Professionals (ASAP)

#3 LeftoverQuack


Posted 11 March 2007 - 05:16 PM

Hey Beynac, thanks for getting back to me! And it's no prob about the wait, as I know people are busy and this is all volunteer. I'm just happy someone got back to me. Anyways, thanks, and here are my logs.

Logfile of HijackThis v1.99.1
Scan saved at 4:09:44 PM, on 3/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - (no file)
O2 - BHO: (no name) - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - (no file)
O2 - BHO: (no name) - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRA~1\Yahoo!\common\YIeTagBm.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.8.6.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [ProfileWatcher] C:\Program Files\ProfileWatcher\profilewatcher.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\JOHNQU~1\LOCALS~1\TEMPOR~1\Content.IE5\DWR6EXHQ\APP_1_~1.SH! C:\DOCUME~1\JOHNQU~1\LOCALS~1\TEMPOR~1\Content.IE5\DWR6EXHQ\INAFAB~1.SH! C:\DOCUME~1\JOHNQU~1\LOCALS~1\TEMPOR~1\Content.IE5\ICKPH0UB\NO_CON~1.SH! C:\DOCUME~1\JOHNQU~1\LOCALS~1\TEMPOR~1\Content.IE5\ICKPH0UB\DC_2_~1.SH! C:\DOCUME~1\JOHNQU~1\LOCALS~1\TEMPOR~1\Content.IE5\DDJIZDOR\DWB8C5~1.SH!
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZRxdm103YYUS
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} -
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} -
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} -
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} -
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} -
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by105fd.bay10...ex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -
O18 - Protocol: bw+0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe
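
Added example, not part of the original thread: a small Python parser for the HijackThis entry format shown in the log above. It splits each entry into its section code and fields and flags entries whose target is absent: a target of "(no file)" or "(file missing)", or an O16 DPF entry with no download source. The sample lines are copied from that log; the function names, field counts and reason strings are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# A subset of the log above, embedded so the example runs offline.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# "<section code> - <body>", e.g. "O2 - BHO: ...". Process paths do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Field separator " - "; also matches a dangling " -" at end of line (empty last field).
FIELD_SEP = re.compile(r"\s+-(?:\s+|$)")
# Sections whose body is dash-delimited, with the number of fields expected.
# Other sections (O4, R0, ...) are left unsplit because paths may contain " - ".
DASH_FIELDS = {"O2": 3, "O3": 3, "O9": 3, "O16": 2, "O18": 3, "O21": 3, "O23": 3}


@dataclass
class Entry:
    code: str              # section code, e.g. "O16"
    kind: str              # label before ": ", e.g. "BHO", "DPF"; "" if none
    fields: List[str]      # remaining fields, in order
    clsid: Optional[str]   # first CLSID found in the entry, if any
    reason: Optional[str]  # why the entry was flagged, or None

    @property
    def target(self) -> str:
        """Last field: the file or URL the entry points at."""
        return self.fields[-1]


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers and process paths."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group(1), m.group(2)
    kind, sep, rest = body.partition(": ")
    if not sep:                      # no "label: " prefix (R0/R1, O6, ...)
        kind, rest = "", body
    n = DASH_FIELDS.get(code)
    fields = FIELD_SEP.split(rest, maxsplit=n - 1) if n else [rest]
    clsid = CLSID_RE.search(body)
    target = fields[-1]
    # A flagged entry is a leftover reference, not proof of infection,
    # and an entry with a file present is not thereby shown to be benign.
    if target == "(no file)" or target.endswith("(file missing)"):
        reason = "registered file is absent"
    elif code == "O16" and target == "":
        reason = "no download source recorded"
    else:
        reason = None
    return Entry(code, kind, fields, clsid.group(0) if clsid else None, reason)


def parse_log(text: str) -> List[Entry]:
    """Parse every entry line in a HijackThis log, skipping everything else."""
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose target is missing, in log order."""
    return [e for e in entries if e.reason]


if __name__ == "__main__":
    for e in orphaned(parse_log(SAMPLE_LOG)):
        print(f"{e.code:4} {e.kind:13} {e.clsid}  {e.reason}")
```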

#4 LeftoverQuack

Posted 11 March 2007 - 05:29 PM

Um.. I know for further steps I need to close all applications. But my McAfee Security Suite just upgraded to the newest version the other day and I don't know how to close that program. Before, I could just right-click it and it would give me an exit option.. so I dunno.. if you know how to do that it would be most helpful, I'm sure. Here's my Rapport:

SmitFraudFix v2.148

Scan done at 16:24:17.06, Sun 03/11/2007
Run from C:\Documents and Settings\John Quackenbush\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\John Quackenbush

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\John Quackenbush\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JOHNQU~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

#5 beynac

Posted 12 March 2007 - 05:36 AM

Good Morning.

There's quite a lot to do in this post - take it step-by-step. Stop and ask if you have any problems or questions.

I'm afraid that I don't know the answer to your question about McAfee. There should be a McAfee Security Center, or something similar, which will let you adjust the setting of all of the programs in the suite. However, there should not be any need to disable any of the McAfee programs. If there is a problem, you should get an alert and be able to 'allow' the action. We do, however, need to disable Windows Defender and Spybot's TeaTimer as they can interfere with our 'fix'.

Windows Defender:
  • Open Windows Defender
  • Click Tools => General Settings
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • Click Save
  • Close Windows Defender
Spybot S&D 'TeaTimer'
  • Open Spybot S&D
  • Go to the Mode menu, and make sure Advanced Mode is selected
  • On the left hand side, choose Tools then Resident
  • Uncheck Resident TeaTimer and OK any prompts
Don't forget to re-enable these programs once we have finished.

-------------------------------------------------------------

Logitech Desktop Messenger

Logitech® Desktop Messenger (LDM) is a free service designed to deliver software support, news and information you can use. LDM ensures that you have simple, speedy, and effortless access to product upgrades, technology tips, and technology news and offers that are relevant to you. LDM delivers information right to your desktop, allowing you to take advantage of all of the advanced features of the Logitech products you own, while staying abreast of new computer-related product and service developments (Logitech and otherwise) that are applicable to your life. Once a week, when connected to the internet, Logitech Desktop Messenger will automatically connect with Logitech servers to see if there are any new messages for you. It performs this check during idle time to avoid slowing down other applications that may be accessing the Internet. If there is a message on the server, then Logitech Desktop Messenger will download the message utilizing bandwidth that would otherwise be unused. After the message is downloaded, Logitech Desktop Messenger will wait for one minute of keyboard and mouse inactivity before displaying the message on your screen.

I suggest that you uninstall this program and check for updates manually.

Please go to Start -> Control Panel -> Add or Remove Programs and uninstall the following programs, if they are present.
  • MyWebSearch or MyWay (uninstall this/these whatever you decide about LDM)
  • SpamBlocker or SpamBlocker Utility (uninstall this whatever you decide about LDM)
  • Logitech Desktop Messenger (this one is up to you!)
-----------------------------------------------------

We have quite a few lines to 'fix' using HijackThis.

Run HijackThis and click Scan and then check (tick) the following, if present (don't worry if any are missing):

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - (no file)
O2 - BHO: (no name) - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - (no file)
O2 - BHO: (no name) - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - (no file)
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.8.6.0\SbOEAddOn.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZRxdm103YYUS
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} -
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} -
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} -
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} -
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} -
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} -
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -

Close down all programs, browsers and other open windows. Make sure that only the above items are checked and then click on Fix checked.

Click on Start then My Computer, find the following folder (highlighted in red) and delete it, if present. Don't worry if it's missing, but please let me know.

C:\Program Files\SpamBlockerUtility\

------------------------------------------------------------

ATF Cleaner by Atribune ©

Download ATF Cleaner by Atribune © from here : http://www.atribune..../click.php?id=1
This is a stand-alone program that does not need to be installed. Save it to a convenient location and make a shortcut on your desktop. Using this program will remove temporary files, temporary internet files and cookies from your system, which will mean that any scans will run faster.
  • Make sure that all browser windows are closed
  • Double-click the shortcut on your desktop to run the program.
  • Under Main, choose Select All
  • Untick Prefetch
  • Click Empty Selected
  • If you use Firefox browser,
    • Click Firefox at the top and choose Select All
    • Click on Empty Selected
    • NOTE: If you would like to keep any saved passwords, please untick that option.
  • Click Exit to close.
  • If you use Opera browser,
    • Click Opera at the top and choose Select All
    • Click on Empty Selected
    • NOTE: If you would like to keep any saved passwords, please untick that option.
  • Click Exit to close.
------------------------------------------------------

AVG Anti-Spyware:

Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open. Do not run a scan yet.

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
You will need to change the following settings:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
  • Under How to act? - make sure that Quarantine is selected.
  • Under How to scan? - All checkboxes should be ticked.
  • Under Possibly unwanted software - All checkboxes should be ticked.
  • Under Reports - Select Automatically generate report after every scan and uncheck Only if threats were found.
  • Under What to scan? - Select Scan every file.
You can now close AVG Anti-Spyware. Do not scan yet.

---------------------------------------------------

Boot to Safe Mode.

You will need to reboot your computer into Safe Mode for the next steps. It would be a good idea for you to print these instructions, as you will not have access to the internet.

Important: If you have an always on connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode. I suggest that you print out these instructions.
  • Restart your computer.
  • Continually tap the F8 button as your computer is booting (a menu appears).
  • Use the up-arrow key to select Safe Mode and press Enter.
------------------------------------------------

Run AVG Anti-Spyware:

Close all open windows and then start AVG Anti-Spyware, which you downloaded earlier.
  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
    • Make sure that Set all elements to: shows Quarantine
    • Important: Click on the Apply all Actions button (*** This must be done before saving the report ***)
    • When the program has finished, it will display the message All actions have been applied.
    • Then click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
-----------------------------------------------------------------

Reboot in Normal Mode.

-----------------------------------------------------

Please post, as a reply to this thread:
  • The AVG Anti-Spyware report
  • A new HijackThis log
Please also let me know how your computer is running.
beynac
Honors Graduate of MalWare Removal University - A Cooperative Effort with What the Tech Classroom
Member of the Alliance of Security Analysis Professionals (ASAP)
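
The fix list in the post above is dominated by two patterns: O2 (Browser Helper Object) entries whose target is "(no file)" and O16 (Downloaded Program Files) entries with no codebase URL. The following is an added example, not part of the original post or of HijackThis: it parses HijackThis lines, flags those two patterns (the triage rules are an assumption drawn from the fix list, not the helper's stated criteria), and checks which fix-list entries still show up in a later log. The sample lines are copied from the logs in this thread; all function names are hypothetical.

```python
import re
from typing import List, NamedTuple, Optional

# "O2 - ...", "R1 - ...", "O16 - ..." : section code, then the entry body.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")


class Entry(NamedTuple):
    section: str           # HijackThis section code, e.g. "O2", "O16"
    clsid: Optional[str]   # upper-cased CLSID when the line carries one
    label: str             # descriptive text in front of the CLSID / target
    target: str            # file path or URL; "" when the log shows none


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; headers, process paths and blanks return None."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    section, body = m.groups()
    g = CLSID.search(body)
    if g:
        # Layout: "<kind>: <name> - {CLSID} [ (name)] - <target>"
        label = body[:g.start()].rstrip(" -")
        target = body[g.end():].partition(" - ")[2].strip()
        return Entry(section, g.group(0).upper(), label, target)
    if section == "O16":
        # Named ActiveX entry without a CLSID: "DPF: <name> - <url>"
        head, sep, tail = body.rpartition(" - ")
        if sep:
            return Entry(section, None, head, tail.strip())
        return Entry(section, None, body.rstrip(" -"), "")
    # Other sections (O4 startup items etc.) are kept whole for comparison.
    return Entry(section, None, body, "")


def triage(e: Entry) -> Optional[str]:
    """Return a reason when the entry looks like a leftover, else None."""
    if e.target == "(no file)" or e.target.endswith("(file missing)"):
        return "registry entry references a file that is not on disk"
    if e.section == "O16" and not e.target:
        return "ActiveX download entry with no codebase URL"
    return None


def key(e: Entry):
    # CLSID is the stable identity: display names change between scans
    # ("Java Plug-in" vs "Java Plug-in 1.5.0_06" in this thread).
    return (e.section, e.clsid or e.label)


def still_present(fix_lines: List[str], later_lines: List[str]) -> List[Entry]:
    """Fix-list entries that appear again in a later log."""
    later = {key(e) for e in map(parse_line, later_lines) if e}
    return [e for e in map(parse_line, fix_lines) if e and key(e) in later]


# Lines copied from the fix list in the post above.
FIX_LIST = r"""
O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - (no file)
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.8.6.0\SbOEAddOn.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in) -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
""".splitlines()

# Lines copied from the follow-up HijackThis log in this thread.
LATER_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.8.6.0\SbOEAddOn.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_06) -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
""".splitlines()

if __name__ == "__main__":
    for e in filter(None, map(parse_line, LATER_LOG)):
        reason = triage(e)
        if reason:
            print(f"{e.section} {e.clsid or e.label}: {reason}")
    print("fix-list entries still present:")
    for e in still_present(FIX_LIST, LATER_LOG):
        print(f"  {e.section} {e.clsid or e.label}")
```

An entry that survives "Fix checked" is often being written back by something still running, such as a resident protection tool or the program that owns the key, so a non-empty result is a prompt to look at what restores it rather than to repeat the fix.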

#6 LeftoverQuack

Posted 12 March 2007 - 09:36 PM

Ok, I didn't find MyWebSearch or MyWay in Add/Remove Programs. I also couldn't find C:\Program File\SpamBlockerUtility\, so that was not deleted.
Anyways, here are my logs, and btw my computer runs the same as it always has. I never actually got problems with it; I just run scans anytime a new definition is updated, and the Zlob just popped up in everything.
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:10:12 PM 3/12/2007

+ Scan result:



HKU\S-1-5-21-1060284298-1292428093-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Documents and Settings\John Quackenbush\My Documents\My Received Files\WinRar 3.51 Crack.rar/WinRar 3.51 Crack\crack.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\John Quackenbush\My Documents\My Received Files\WinRar 3.51 Crack.zip/WinRar 3.51 Crack/crack.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\John Quackenbush\My Documents\My Received Files\WinRar 3.51 Crack\WinRar 3.51 Crack\crack.exe -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 8:32:02 PM, on 3/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - (no file)
O2 - BHO: (no name) - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - (no file)
O2 - BHO: (no name) - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRA~1\Yahoo!\common\YIeTagBm.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ProfileWatcher] C:\Program Files\ProfileWatcher\profilewatcher.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.8.6.0\SbOEAddOn.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\JOHNQU~1\LOCALS~1\TEMPOR~1\Content.IE5\DWR6EXHQ\APP_1_~1.SH! C:\DOCUME~1\JOHNQU~1\LOCALS~1\TEMPOR~1\Content.IE5\DWR6EXHQ\INAFAB~1.SH! C:\DOCUME~1\JOHNQU~1\LOCALS~1\TEMPOR~1\Content.IE5\ICKPH0UB\NO_CON~1.SH! C:\DOCUME~1\JOHNQU~1\LOCALS~1\TEMPOR~1\Content.IE5\ICKPH0UB\DC_2_~1.SH! C:\DOCUME~1\JOHNQU~1\LOCALS~1\TEMPOR~1\Content.IE5\DDJIZDOR\DWB8C5~1.SH!
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: RaptisoftGameLoader -
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} -
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} -
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} -
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_06) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} -
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} -
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by105fd.bay10...ex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -
O18 - Protocol: bw+0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe

#7 LeftoverQuack

Posted 12 March 2007 - 09:42 PM

Oh, obviously I kept the Logitech Desktop manager. Also, I re-enabled the Windows Defender and Spybot Resident right before I did the last HijackThis log; that's why they may appear, but they were disabled during everything else. John

#8 beynac

Posted 13 March 2007 - 09:51 AM

Hi John.

I note your decision re. Logitech Desktop Messenger.

I may have spoken too soon about McAfee - something certainly stopped the fix! :( We need to try again, but this time in safe mode. AVG Anti-Spyware removed a Trojan which hadn't shown up elsewhere. The Blacklight scan is to see if there is anything hidden. It's very strange that virtually the whole HijackThis fix failed!

First, I need you to disable Windows Defender and TeaTimer again. I don't think that they should cause problems in safe mode, but let's make sure.

Windows Defender:
  • Open Windows Defender
  • Click Tools => General Settings
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • Click Save
  • Close Windows Defender
Spybot S&D 'TeaTimer'
  • Open Spybot S&D
  • Go to the Mode menu, and make sure Advanced Mode is selected
  • On the left hand side, choose Tools then Resident
  • Uncheck Resident TeaTimer and OK any prompts
Don't forget to re-enable these programs once we have finished.

---------------------------------------------------------------

Show hidden System Files:
  • Click Start
  • Open My Computer
  • Select the Tools menu and click Folder Options
  • Select the View tab
  • Advanced Settings:
    • Under Hidden files and folders, select Show hidden files and folders
    • Uncheck Hide extensions for known file types
    • Uncheck Hide protected operating system files (Recommended)
  • Click Apply to All Folders
  • Click Yes to confirm
  • Click OK
----------------------------------------------------------

Boot to Safe Mode.

You will need to reboot your computer into Safe Mode for the next steps. It would be a good idea for you to print these instructions, as you will not have access to the internet.

Important: If you have an always on connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode. I suggest that you print out these instructions.
  • Restart your computer.
  • Continually tap the F8 button as your computer is booting (a menu appears).
  • Use the up-arrow key to select Safe Mode and press Enter.
------------------------------------------------

Run HijackThis and click Scan and then check (tick) the following, if present (don't worry if any are missing):

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - (no file)
O2 - BHO: (no name) - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - (no file)
O2 - BHO: (no name) - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - (no file)
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.8.6.0\SbOEAddOn.exe
O16 - DPF: RaptisoftGameLoader -
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} -
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} -
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} -
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} -
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_06) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} -
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} -
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -

Close down all programs, browsers and other open windows. Make sure that only the above items are checked and then click on Fix checked.

Click on Start then My Computer, find the following folder (highlighted in red) and delete it, if present. Don't worry if it's missing, but please let me know.

C:\Program Files\SpamBlockerUtility\

--------------------------------------------------------------

Reboot the computer normally.

--------------------------------------------------------------

F-Secure BlackLight

Please download F-Secure Blacklight (blbeta.exe) from here.
  • Click I ACCEPT and download the graphical user interface version to your Desktop
  • Double click the file to run it, choose I accept the agreement then click Scan
  • It will create a log on your desktop (fsbl-date/time.log).
  • If it finds anything, do not rename any. Legitimate items can also be present.
  • Exit Blacklight
---------------------------------------------------------------

Please post, as a reply to this thread:
  • The Blacklight log
  • A new HijackThis log

beynac
Honors Graduate of MalWare Removal University - A Cooperative Effort with What the Tech Classroom
Member of the Alliance of Security Analysis Professionals (ASAP)
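
The following Python is an added example, not code from this thread or from HijackThis. It parses HijackThis log lines, flags the two orphaned patterns that make up most of the fix list above (O2 entries ending in `(no file)` and O16 entries with no download source), and reports which fix-list entries still appear in a later log. The function names and the matching rule (section plus CLSID) are assumptions; the sample lines are copied from this thread's logs.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# A HijackThis entry line looks like "<section> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


class Entry(NamedTuple):
    section: str          # "R1", "O2", "O16", ...
    body: str             # everything after "<section> - "
    clsid: Optional[str]  # first CLSID in the body, upper-cased

    def key(self) -> Tuple[str, str]:
        # Assumption: for BHO and DPF entries the CLSID identifies the item,
        # so a changed display name between two logs still matches.
        if self.clsid and self.section in ("O2", "O16"):
            return (self.section, self.clsid)
        return (self.section, " ".join(self.body.lower().split()))


def parse_log(text: str) -> List[Entry]:
    """Return the entry lines of a log; headers and process paths are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body").strip()
        c = CLSID_RE.search(body)
        entries.append(Entry(m.group("section"), body, c.group(0).upper() if c else None))
    return entries


def is_orphaned(e: Entry) -> bool:
    """True for a BHO with no backing file or a DPF with no download source."""
    if e.section == "O2":
        # "(file missing)" is a different marker and is deliberately not matched.
        return e.body.endswith("(no file)")
    if e.section == "O16":
        return e.body.endswith(" -")
    return False


def orphaned_entries(log_text: str) -> List[Entry]:
    return [e for e in parse_log(log_text) if is_orphaned(e)]


def split_fix_results(fix_list: str, later_log: str) -> Tuple[List[Entry], List[Entry]]:
    """Split the fix list into (still present, cleared) against a later log."""
    later_keys = {e.key() for e in parse_log(later_log)}
    still, cleared = [], []
    for e in parse_log(fix_list):
        (still if e.key() in later_keys else cleared).append(e)
    return still, cleared


# Sample input: a few lines copied from the fix list in this thread.
FIX_LIST = r"""
O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - (no file)
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.8.6.0\SbOEAddOn.exe
O16 - DPF: RaptisoftGameLoader -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_06) -
"""

# Sample input: a few lines copied from a later log in this thread.
LATER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O16 - DPF: RaptisoftGameLoader -
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
"""

if __name__ == "__main__":
    still, cleared = split_fix_results(FIX_LIST, LATER_LOG)
    for e in still:
        print("still present:", e.section, "-", e.body)
    for e in cleared:
        print("cleared:      ", e.section, "-", e.body)
```
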

#9 LeftoverQuack

Posted 13 March 2007 - 06:11 PM

Hey Beynac. Um, I kinda screwed up. I was gonna post on here, then I got sidetracked and had already deleted my Blacklight log. It didn't find anything though. Tried to create another log by running Blacklight again but it didn't work. I did however figure out how to disable McAfee, like system guards, active shield etc. Well, here's my HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 5:04:58 PM, on 3/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - (no file)
O2 - BHO: (no name) - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - (no file)
O2 - BHO: (no name) - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRA~1\Yahoo!\common\YIeTagBm.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\JOHNQU~1\LOCALS~1\TEMPOR~1\Content.IE5\DWR6EXHQ\APP_1_~1.SH! C:\DOCUME~1\JOHNQU~1\LOCALS~1\TEMPOR~1\Content.IE5\DWR6EXHQ\INAFAB~1.SH! C:\DOCUME~1\JOHNQU~1\LOCALS~1\TEMPOR~1\Content.IE5\ICKPH0UB\NO_CON~1.SH! C:\DOCUME~1\JOHNQU~1\LOCALS~1\TEMPOR~1\Content.IE5\ICKPH0UB\DC_2_~1.SH! C:\DOCUME~1\JOHNQU~1\LOCALS~1\TEMPOR~1\Content.IE5\DDJIZDOR\DWB8C5~1.SH!
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: RaptisoftGameLoader -
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} -
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} -
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} -
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} -
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} -
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by105fd.bay10...ex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -
O18 - Protocol: bw+0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe

#10 beynac


Posted 14 March 2007 - 06:05 AM

Good morning John.

No problems about the Blacklight log. The main thing is that it was clean. I don't understand why it didn't work the second time though! The HijackThis fix failed again. We got rid of a couple of lines, but the bulk of it is still there. This is very strange. McAfee shouldn't be blocking it when we run it in safe mode. Windows Defender and Spybot's TeaTimer can do this, but you had disabled them. Do you know of anything else that may be blocking changes to the Windows Registry? Did you get any options to do this when installing McAfee?

Most of the lines we are trying to fix are harmless, but one of them is the remnant of Zlob which is causing the warnings. I want to run another tool which will give me a view of what is going on in your computer and also provides a different way to try to fix those open items.

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please post the report, as a reply to this thread. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts. It's important that I get the complete report.
beynac
Honors Graduate of MalWare Removal University - A Cooperative Effort with What the Tech Classroom
Member of the Alliance of Security Analysis Professionals (ASAP)


#11 LeftoverQuack


Posted 14 March 2007 - 06:06 PM

Hmm that's weird, only thing I could think of is Spyware Blaster. I deleted it just in case. And besides I have a billion anti-spy programs anyways. Here's my log for that program.

WinPFind3 logfile created on: 3/14/2007 4:36:05 PM
WinPFind3U by OldTimer - Version 1.0.23 Folder = C:\Documents and Settings\John Quackenbush\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

2094556 Kb Total Physical Memory | 1542020 Kb Available Physical Memory | 73.62% Memory free
4032584 Kb Paging File | 3556168 Kb Available in Paging File | 88.19% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 244091608 Kb Total Space | 103129348 Kb Free Space | 42.25% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded


[Processes - Non-Microsoft Only]
cocimanager.exe -> %CommonProgramFiles%\LogiShrd\LQCVFX\COCIManager.exe -> Logitech Inc. [Ver = 10.5.1.2029 | Size = 230936 bytes | Modified Date = 2/8/2007 2:12:20 AM | Attr = ]
communications_helper.exe -> %CommonProgramFiles%\LogiShrd\LComMgr\Communications_Helper.exe -> Logitech Inc. [Ver = 1.4.7.2031 | Size = 488984 bytes | Modified Date = 2/8/2007 2:12:48 AM | Attr = ]
ctdvddet.exe -> %ProgramFiles%\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe -> Creative Technology Ltd [Ver = 1.0.3.0 | Size = 45056 bytes | Modified Date = 6/18/2003 2:00:00 AM | Attr = ]
cthelper.exe -> %SystemRoot%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 2, 0, 0, 35 | Size = 16384 bytes | Modified Date = 11/8/2005 8:30:00 PM | Attr = ]
ctsvccda.exe -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 6:01:00 PM | Attr = ]
ctxfihlp.exe -> %System32%\CTXFIHLP.EXE -> Creative Technology Ltd [Ver = 2, 0, 1, 4 | Size = 18944 bytes | Modified Date = 3/2/2006 12:00:18 PM | Attr = ]
ctxfispi.exe -> %System32%\CTXFISPI.EXE -> Creative Technology Ltd [Ver = 1.0.21.1141 | Size = 717312 bytes | Modified Date = 3/2/2006 11:53:36 AM | Attr = ]
dllml.exe -> %ProgramFiles%\Creative\Shared Files\Module Loader\DLLML.exe -> Creative Technology Ltd. [Ver = 1.0.21.0 | Size = 49152 bytes | Modified Date = 6/16/2005 7:25:28 PM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 7:13:20 AM | Attr = ]
hpqimzone.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqimzone.exe -> Hewlett-Packard Development Company, L.P. [Ver = 065.000.117.000 | Size = 479232 bytes | Modified Date = 2/10/2006 7:56:12 AM | Attr = ]
hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqste08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 239320 bytes | Modified Date = 2/19/2006 5:24:52 AM | Attr = ]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 49152 bytes | Modified Date = 2/19/2006 2:41:10 AM | Attr = ]
hwapi.exe -> %CommonProgramFiles%\McAfee\HackerWatch\HWAPI.exe -> McAfee, Inc. [Ver = 8.2.104.0 | Size = 540776 bytes | Modified Date = 1/9/2007 6:01:50 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 10:36:32 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 10:36:36 AM | Attr = ]
logitechdesktopmessenger.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech [Ver = 2.30.04 | Size = 36864 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
lvcomsx.exe -> %CommonProgramFiles%\Logitech\LComMgr\LVComSX.exe -> Logitech Inc. [Ver = 10.5.1.2027 | Size = 252704 bytes | Modified Date = 2/6/2007 6:43:26 PM | Attr = ]
lvprcsrv.exe -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 10.5.1.2027 | Size = 109344 bytes | Modified Date = 2/6/2007 6:45:26 PM | Attr = ]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 566872 bytes | Modified Date = 1/5/2007 5:21:16 PM | Attr = ]
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 361560 bytes | Modified Date = 1/5/2007 5:22:12 PM | Attr = ]
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 1,2,106,0 | Size = 2209320 bytes | Modified Date = 1/11/2007 3:08:34 PM | Attr = ]
mcods.exe -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 11,2,121,0 | Size = 362064 bytes | Modified Date = 1/16/2007 7:03:36 PM | Attr = ]
mcpromgr.exe -> %ProgramFiles%\McAfee\MSC\mcpromgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 493144 bytes | Modified Date = 1/5/2007 5:21:40 PM | Attr = ]
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 1,2,137,0 | Size = 352856 bytes | Modified Date = 1/19/2007 9:57:56 PM | Attr = ]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.13.3.2.101.x86 | Size = 144960 bytes | Modified Date = 12/22/2006 5:02:26 PM | Attr = ]
mcuimgr.exe -> %ProgramFiles%\McAfee\MSC\mcuimgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 250968 bytes | Modified Date = 1/5/2007 5:22:00 PM | Attr = ]
mcvsshld.exe -> %ProgramFiles%\McAfee\VirusScan\mcvsshld.exe -> McAfee, Inc. [Ver = 11,2,121,0 | Size = 370256 bytes | Modified Date = 1/16/2007 7:03:34 PM | Attr = ]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,2,9 | Size = 229376 bytes | Modified Date = 11/28/2005 1:11:36 PM | Attr = ]
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 8.2.115.0 | Size = 839720 bytes | Modified Date = 1/15/2007 4:16:00 PM | Attr = ]
mps.exe -> %ProgramFiles%\McAfee\MPS\mps.exe -> McAfee, Inc. [Ver = 9.2.131.0 | Size = 906792 bytes | Modified Date = 1/23/2007 8:16:12 PM | Attr = ]
mpsevh.exe -> %ProgramFiles%\McAfee\MPS\mpsevh.exe -> McAfee, Inc. [Ver = 9.2.128.0 | Size = 304680 bytes | Modified Date = 1/16/2007 6:42:02 PM | Attr = ]
mskagent.exe -> %ProgramFiles%\McAfee\MSK\mskagent.exe -> McAfee Inc. [Ver = 8.2.125.0 | Size = 152144 bytes | Modified Date = 1/17/2007 6:30:24 PM | Attr = ]
msksrver.exe -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> McAfee Inc. [Ver = 8.2.125.0 | Size = 29264 bytes | Modified Date = 1/17/2007 6:30:34 PM | Attr = ]
mssysmgr.exe -> %ProgramFiles%\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe -> Ahead Software [Ver = 1.0.1.0 | Size = 212992 bytes | Modified Date = 2/25/2005 5:28:04 PM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8198 | Size = 131139 bytes | Modified Date = 12/10/2005 3:06:00 AM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 10/18/2006 9:17:50 PM | Attr = ]
redirsvc.exe -> %CommonProgramFiles%\McAfee\RedirSvc\RedirSvc.exe -> McAfee, Inc. [Ver = 1,2,112,0 | Size = 248416 bytes | Modified Date = 1/15/2007 12:25:22 PM | Attr = ]
saservice.exe -> %ProgramFiles%\SiteAdvisor\6028\SAService.exe -> McAfee, Inc. [Ver = 2.3.0 | Size = 321064 bytes | Modified Date = 2/12/2007 12:36:42 PM | Attr = ]
siteadv.exe -> %ProgramFiles%\SiteAdvisor\6028\SiteAdv.exe -> McAfee, Inc. [Ver = 2.3.0 | Size = 36904 bytes | Modified Date = 1/17/2007 12:24:46 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.23.0 | Size = 313344 bytes | Modified Date = 3/11/2007 10:34:40 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 7:13:20 AM | Attr = ]
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,2,9 | Size = 229376 bytes | Modified Date = 11/28/2005 1:11:36 PM | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 6:01:00 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
(Emproxy) McAfee E-mail Proxy [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\McAfee\EmProxy\emproxy.exe -> McAfee, Inc. [Ver = 11,2,206,0 | Size = 341584 bytes | Modified Date = 1/12/2007 5:13:24 PM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 1/31/2007 6:36:50 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 69632 bytes | Modified Date = 11/14/2005 2:06:04 AM | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 10:36:32 AM | Attr = ]
(LVPrcSrv) Logitech Process Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 10.5.1.2027 | Size = 109344 bytes | Modified Date = 2/6/2007 6:45:26 PM | Attr = ]
(LVSrvLauncher) LVSrvLauncher [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\LogiShrd\SrvLnch\SrvLnch.exe -> Logitech Inc. [Ver = 10.5.1.2027 | Size = 105248 bytes | Modified Date = 2/6/2007 6:47:12 PM | Attr = ]
(McAfee HackerWatch Service) McAfee HackerWatch Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\HackerWatch\HWAPI.exe -> McAfee, Inc. [Ver = 8.2.104.0 | Size = 540776 bytes | Modified Date = 1/9/2007 6:01:50 PM | Attr = ]
(mcmispupdmgr) McAfee Update Manager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\MSC\mcupdmgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 689752 bytes | Modified Date = 1/5/2007 5:22:18 PM | Attr = ]
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 361560 bytes | Modified Date = 1/5/2007 5:22:12 PM | Attr = ]
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 1,2,106,0 | Size = 2209320 bytes | Modified Date = 1/11/2007 3:08:34 PM | Attr = ]
(McODS) McAfee Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 11,2,121,0 | Size = 362064 bytes | Modified Date = 1/16/2007 7:03:36 PM | Attr = ]
(mcpromgr) McAfee Protection Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcpromgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 493144 bytes | Modified Date = 1/5/2007 5:21:40 PM | Attr = ]
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 1,2,137,0 | Size = 352856 bytes | Modified Date = 1/19/2007 9:57:56 PM | Attr = ]
(McRedirector) McAfee Redirector Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\RedirSvc\RedirSvc.exe -> McAfee, Inc. [Ver = 1,2,112,0 | Size = 248416 bytes | Modified Date = 1/15/2007 12:25:22 PM | Attr = ]
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Paused] -> -> File not found
(McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 11,2,131,0 | Size = 643664 bytes | Modified Date = 1/25/2007 7:01:58 PM | Attr = ]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 8.2.115.0 | Size = 839720 bytes | Modified Date = 1/15/2007 4:16:00 PM | Attr = ]
(MPS9) McAfee Privacy Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPS\mps.exe -> McAfee, Inc. [Ver = 9.2.131.0 | Size = 906792 bytes | Modified Date = 1/23/2007 8:16:12 PM | Attr = ]
(MSK80Service) McAfee SpamKiller Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> McAfee Inc. [Ver = 8.2.125.0 | Size = 29264 bytes | Modified Date = 1/17/2007 6:30:34 PM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8198 | Size = 131139 bytes | Modified Date = 12/10/2005 3:06:00 AM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Unknown | Stopped] -> -> File not found
(SiteAdvisor Service) SiteAdvisor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\SiteAdvisor\6028\SAService.exe -> McAfee, Inc. [Ver = 2.3.0 | Size = 321064 bytes | Modified Date = 2/12/2007 12:36:42 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/6/2005 11:46:24 PM | Attr = ]
AudioDrvEmulator -> %ProgramFiles%\Creative\Shared Files\Module Loader\DLLML.exe -> Creative Technology Ltd. [Ver = 1.0.21.0 | Size = 49152 bytes | Modified Date = 6/16/2005 7:25:28 PM | Attr = ]
CTDVDDET -> %ProgramFiles%\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe -> Creative Technology Ltd [Ver = 1.0.3.0 | Size = 45056 bytes | Modified Date = 6/18/2003 2:00:00 AM | Attr = ]
CTHelper -> %SystemRoot%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 2, 0, 0, 35 | Size = 16384 bytes | Modified Date = 11/8/2005 8:30:00 PM | Attr = ]
CTxfiHlp -> %System32%\CTXFIHLP.EXE -> Creative Technology Ltd [Ver = 2, 0, 1, 4 | Size = 18944 bytes | Modified Date = 3/2/2006 12:00:18 PM | Attr = ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 49152 bytes | Modified Date = 2/19/2006 2:41:10 AM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 10:36:36 AM | Attr = ]
LogitechCommunicationsManager -> %CommonProgramFiles%\LogiShrd\LComMgr\Communications_Helper.exe -> Logitech Inc. [Ver = 1.4.7.2031 | Size = 488984 bytes | Modified Date = 2/8/2007 2:12:48 AM | Attr = ]
LogitechQuickCamRibbon -> %ProgramFiles%\Logitech\QuickCam10\QuickCam10.exe -> [Ver = | Size = 774168 bytes | Modified Date = 2/8/2007 2:13:48 AM | Attr = ]
LVCOMSX -> %CommonProgramFiles%\Logitech\LComMgr\LVComSX.exe -> Logitech Inc. [Ver = 10.5.1.2027 | Size = 252704 bytes | Modified Date = 2/6/2007 6:43:26 PM | Attr = ]
MskAgentexe -> %ProgramFiles%\McAfee\MSK\mskagent.exe -> McAfee Inc. [Ver = 8.2.125.0 | Size = 152144 bytes | Modified Date = 1/17/2007 6:30:24 PM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.8198 | Size = 7311360 bytes | Modified Date = 12/10/2005 3:06:00 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5a38 | Size = 282624 bytes | Modified Date = 12/6/2006 1:03:56 PM | Attr = ]
SiteAdvisor -> %ProgramFiles%\SiteAdvisor\6028\SiteAdv.exe -> McAfee, Inc. [Ver = 2.3.0 | Size = 36904 bytes | Modified Date = 1/17/2007 12:24:46 PM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 10/18/2006 9:17:50 PM | Attr = ]
UpdReg -> %SystemRoot%\Updreg.EXE -> Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 5/11/2000 2:00:00 AM | Attr = ]
YBrowser -> %ProgramFiles%\Yahoo!\browser\ybrwicon.exe -> Yahoo! Inc. [Ver = 2006, 7, 21, 1 | Size = 129536 bytes | Modified Date = 7/21/2006 4:19:46 PM | Attr = ]
YOP -> %ProgramFiles%\Yahoo!\YOP\yop.exe -> Yahoo! Inc. [Ver = 2006, 7, 20, 1 | Size = 407032 bytes | Modified Date = 7/21/2006 10:43:10 AM | Attr = ]
< RunOnceEx [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
-> -> File not found
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DellSupport -> %ProgramFiles%\Dell Support\DSAgnt.exe -> Gteko Ltd. [Ver = 1, 1, 1, 121 | Size = 332800 bytes | Modified Date = 5/15/2005 2:04:12 AM | Attr = ]
DW4 -> %ProgramFiles%\The Weather Channel FW\Desktop Weather\DesktopWeather.exe -> The Weather Channel Interactive [Ver = 5, 0, 1, 0 | Size = 728176 bytes | Modified Date = 4/19/2006 9:30:04 AM | Attr = ]
LDM -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech [Ver = 2.30.04 | Size = 36864 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
PhotoShow Deluxe Media Manager -> %ProgramFiles%\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe -> Ahead Software [Ver = 1.0.1.0 | Size = 212992 bytes | Modified Date = 2/25/2005 5:28:04 PM | Attr = ]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
< RunOnce [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
DelayShred -> %ProgramFiles%\McAfee\MSHR\ShrCL.exe -> [Ver = | Size = 95784 bytes | Modified Date = 1/17/2007 7:02:20 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 11:05:26 PM | Attr = ]
%AllUsersStartup%\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 288472 bytes | Modified Date = 2/19/2006 4:21:22 AM | Attr = ]
%AllUsersStartup%\HP Photosmart Premier Fast Start.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqthb08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 065.000.117.000 | Size = 73728 bytes | Modified Date = 2/10/2006 7:56:20 AM | Attr = ]
%AllUsersStartup%\Kodak EasyShare software.lnk -> %ProgramFiles%\Kodak\Kodak EasyShare Software\bin\EasyShare.exe -> [Ver = 5, 3, 33, 27 | Size = 180224 bytes | Modified Date = 6/7/2006 7:26:28 AM | Attr = ]
%AllUsersStartup%\Logitech Desktop Messenger.lnk -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe -> Logitech [Ver = 2.30.04 | Size = 196608 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
%AllUsersStartup%\Post-it® Software Notes Lite.lnk -> %ProgramFiles%\3M\PSNLite\PsnLite.exe -> 3M [Ver = 3, 1, 1, 1073 | Size = 2080768 bytes | Modified Date = 10/15/2004 3:26:54 PM | Attr = ]
%AllUsersStartup%\SBC Self Support Tool.lnk -> %ProgramFiles%\SBC Self Support Tool\bin\matcli.exe -> Motive Communications, Inc. [Ver = 5.6.1.asst_classic.asst_matcli.20031010_085000 | Size = 217088 bytes | Modified Date = 10/10/2003 10:06:10 AM | Attr = ]
< ICQ Agent [HKCU] > -> HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\
HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\ -> ->
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 7:13:28 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft...p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft...p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Bar -> http://www.yahoo.com/search/ie.html ->
HKCU: Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKCU: Start Page -> http://dsl.sbc.yahoo.com/ ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 1:53:18 PM | Attr = ]
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> 127.0.0.1;*.local ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 1:53:18 PM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 5:16:42 AM | Attr = ]
{089FD14D-132B-48FC-8861-0048AE113215} [HKLM] -> %ProgramFiles%\SiteAdvisor\6028\SiteAdv.dll [Reg Data - Value does not exist] -> McAfee, Inc. [Ver = 2.3.0 | Size = 1095208 bytes | Modified Date = 2/8/2007 7:38:16 PM | Attr = ]
{227B8AA8-DAF2-4892-BD1D-73F568BCB24E} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{3EC8255F-E043-4cae-8B3B-B191550C2A22} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{41D68ED8-4CFF-4115-88A6-6EBB8AF19000} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:33:54 PM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118844 bytes | Modified Date = 5/31/2005 6:33:00 AM | Attr = ]
{65D886A2-7CA7-479B-BB95-14D1EFB7946A} [HKLM] -> %ProgramFiles%\Yahoo!\common\YIeTagBm.dll [YahooTaggedBM Class] -> Yahoo! Inc. [Ver = 2006, 7, 28, 1 | Size = 120312 bytes | Modified Date = 7/28/2006 12:36:30 PM | Attr = ]
{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [SSVHelper Class] -> File not found
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> %ProgramFiles%\McAfee\virusscan\scriptcl.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.13.3.2.101.x86 | Size = 67136 bytes | Modified Date = 12/22/2006 5:02:40 PM | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} [HKLM] -> %ProgramFiles%\McAfee\MPS\McPopup.dll [CPub Object] -> McAfee, Inc. [Ver = 9.2.128.0 | Size = 174120 bytes | Modified Date = 1/16/2007 6:41:30 PM | Attr = ]
{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} [HKLM] -> %ProgramFiles%\Yahoo!\browser\YSidebarIEBHO.dll [SidebarAutoLaunch Class] -> Yahoo! Inc. [Ver = 2004, 8, 3, 1 | Size = 124032 bytes | Modified Date = 2/3/2005 6:07:08 PM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{0BF43445-2F28-4351-9252-17FE6E806AA0} [HKLM] -> %ProgramFiles%\SiteAdvisor\6028\SiteAdv.dll [McAfee SiteAdvisor] -> McAfee, Inc. [Ver = 2.3.0 | Size = 1095208 bytes | Modified Date = 2/8/2007 7:38:16 PM | Attr = ]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 1:53:18 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
WebBrowser\\{C7768536-96F8-4001-B1A2-90EE21279187} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 1:53:18 PM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&Google Search -> Reg Data - Value does not exist -> File not found
&Search -> Reg Data - Value does not exist -> File not found
&Translate English Word -> Reg Data - Value does not exist -> File not found
&Windows Live Search -> %ProgramFiles%\Windows Live Toolbar\msntb.dll\search.htm -> File not found
Add to Windows &Live Favorites -> http:\favorites.live.com\quickadd.asp -> File not found
Backward Links -> Reg Data - Value does not exist -> File not found
Cached Snapshot of Page -> Reg Data - Value does not exist -> File not found
Similar Pages -> Reg Data - Value does not exist -> File not found
Translate Page into English -> Reg Data - Value does not exist -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{070D28E1-6FC2-492D-869C-7A77E6B2A821} -> (1394 Net Adapter) ->
{5393AB08-C7EC-4E6B-8724-B16B93B51616} -> (1394 Net Adapter) ->
{578E5CE5-8DAC-4337-A34E-978F6CE42D07} -> () ->
{A1A72FA1-C296-484B-8E8C-ABAD8899CADB} -> (1394 Net Adapter) ->
{B4F4B190-1E89-4318-B6DA-EC8BB68E487F} -> (NVIDIA nForce Networking Controller) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
bw+0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bw+0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bw-0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bw00 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bw00s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bw-0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bw10 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bw10s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bw20 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bw20s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bw30 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bw30s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bw40 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bw40s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bw50 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bw50s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bw60 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bw60s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bw70 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bw70s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bw80 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bw80s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bw90 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bw90s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwa0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwa0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwb0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwb0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwc0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwc0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwd0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwd0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwe0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwe0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwf0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwf0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwfile-8876480 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwg0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwg0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwh0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwh0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwi0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwi0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwj0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwj0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwk0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwk0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwl0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwl0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwm0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwm0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwn0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwn0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwo0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwo0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwp0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwp0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwq0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwq0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwr0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwr0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bws0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bws0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwt0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwt0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwu0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwu0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwv0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwv0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bww0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bww0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwx0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwx0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwy0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwy0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwz0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
bwz0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
offline-8876480 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 1/29/2007 4:16:22 PM | Attr = ]
siteadvisor -> %ProgramFiles%\SiteAdvisor\6028\SiteAdv.dll -> McAfee, Inc. [Ver = 2.3.0 | Size = 1095208 bytes | Modified Date = 2/8/2007 7:38:16 PM | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{00B71CFB-6864-4346-A978-C0A14556272C} -> Checkers Class - CodeBase = http://messenger.zon...kr.cab31267.cab ->
{01A88BB1-1174-41EC-ACCB-963509EAE56B} -> - CodeBase = ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> - CodeBase = ->
{14B87622-7E19-4EA8-93B3-97215F77A6BC} -> MessengerStatsClient Class - CodeBase = http://messenger.zon...nt.cab31267.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> - CodeBase = ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://download.micr...heckControl.cab ->
{2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} -> - CodeBase = ->
{233C1507-6A77-46A4-9443-F871F945D258} -> - CodeBase = ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> - CodeBase = ->
{4B48D5DF-9021-45F7-A240-60304302A215} -> - CodeBase = ->
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -> McAfee.com Operating System Class - CodeBase = http://download.mcaf...01/mcinsctl.cab ->
{5D6F45B3-9043-443D-A792-115447494D24} -> - CodeBase = ->
{62789780-B744-11D0-986B-00609731A21D} -> - CodeBase = ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> - CodeBase = ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> - CodeBase = ->
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> MessengerStatsClient Class - CodeBase = http://messenger.zon...nt.cab31267.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> - CodeBase = ->
{A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} -> - CodeBase = ->
{B1826A9F-4AA0-4510-BA77-9013E74E4B9B} -> - CodeBase = ->
{B8BE5E93-A60C-4D26-A2DC-220313175592} -> ZoneIntro Class - CodeBase = http://messenger.zon...ro.cab47946.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload2.m...ash/swflash.cab ->
{DA758BB1-5F89-4465-975F-8D7179A4BCF3} -> WheelofFortune Object - CodeBase = http://messenger.zon...oF.cab31267.cab ->
{E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} -> - CodeBase = ->
{F04A8AE2-A59D-11D2-8792-00C04F8EF29D} -> Hotmail Attachments Control - CodeBase = http://by105fd.bay10...ex/HMAtchmt.ocx ->
{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -> - CodeBase = ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->
RaptisoftGameLoader -> - CodeBase = ->
Yahoo! Chat -> - CodeBase = http://us.chat1.yimg...t/c381/chat.cab ->


[Files/Folders - Created Within 30 days]
2eff7b495cf4ddf909d76fd7e30f89 -> %SystemDrive%\2eff7b495cf4ddf909d76fd7e30f89 -> [Folder | Created Date = 2/20/2007 5:31:26 PM | Attr = ]
$NtUninstallKB916089$ -> %SystemRoot%\$NtUninstallKB916089$ -> [Folder | Created Date = 3/2/2007 12:30:56 PM | Attr = H ]
$NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ -> [Folder | Created Date = 2/13/2007 7:23:31 PM | Attr = H ]
$NtUninstallKB920342$ -> %SystemRoot%\$NtUninstallKB920342$ -> [Folder | Created Date = 2/20/2007 5:28:00 PM | Attr = H ]
$NtUninstallKB924667$ -> %SystemRoot%\$NtUninstallKB924667$ -> [Folder | Created Date = 2/13/2007 7:23:21 PM | Attr = H ]
$NtUninstallKB925720$ -> %SystemRoot%\$NtUninstallKB925720$ -> [Folder | Created Date = 2/20/2007 8:03:26 PM | Attr = H ]
$NtUninstallKB925766$ -> %SystemRoot%\$NtUninstallKB925766$ -> [Folder | Created Date = 2/20/2007 5:27:42 PM | Attr = H ]
$NtUninstallKB925876$ -> %SystemRoot%\$NtUninstallKB925876$ -> [Folder | Created Date = 2/20/2007 5:31:14 PM | Attr = H ]
$NtUninstallKB926239$ -> %SystemRoot%\$NtUninstallKB926239$ -> [Folder | Created Date = 2/20/2007 5:31:08 PM | Attr = H ]
$NtUninstallKB926436$ -> %SystemRoot%\$NtUninstallKB926436$ -> [Folder | Created Date = 2/13/2007 7:23:37 PM | Attr = H ]
$NtUninstallKB927779$ -> %SystemRoot%\$NtUninstallKB927779$ -> [Folder | Created Date = 2/13/2007 7:23:25 PM | Attr = H ]
$NtUninstallKB927802$ -> %SystemRoot%\$NtUninstallKB927802$ -> [Folder | Created Date = 2/13/2007 7:23:03 PM | Attr = H ]
$NtUninstallKB928255$ -> %SystemRoot%\$NtUninstallKB928255$ -> [Folder | Created Date = 2/13/2007 7:22:48 PM | Attr = H ]
$NtUninstallKB928843$ -> %SystemRoot%\$NtUninstallKB928843$ -> [Folder | Created Date = 2/13/2007 7:22:58 PM | Attr = H ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Created Date = 3/13/2007 4:56:04 PM | Attr = H ]
$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Created Date = 3/13/2007 4:57:21 PM | Attr = H ]
$NtUninstallKB931836$ -> %SystemRoot%\$NtUninstallKB931836$ -> [Folder | Created Date = 2/13/2007 7:23:43 PM | Attr = H ]
$NtUninstallMSCompPackV1$ -> %SystemRoot%\$NtUninstallMSCompPackV1$ -> [Folder | Created Date = 2/20/2007 5:31:01 PM | Attr = H ]
$NtUninstallWIC$ -> %SystemRoot%\$NtUninstallWIC$ -> [Folder | Created Date = 2/20/2007 5:31:32 PM | Attr = H ]
$NtUninstallWMFDist11$ -> %SystemRoot%\$NtUninstallWMFDist11$ -> [Folder | Created Date = 2/20/2007 5:29:10 PM | Attr = H ]
$NtUninstallwmp11$ -> %SystemRoot%\$NtUninstallwmp11$ -> [Folder | Created Date = 2/20/2007 5:30:12 PM | Attr = H ]
$NtUninstallWudf01000$ -> %SystemRoot%\$NtUninstallWudf01000$ -> [Folder | Created Date = 2/20/2007 5:28:35 PM | Attr = H ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 3/9/2007 2:33:52 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 3/9/2007 2:33:52 AM | Attr = H ]
snymsico.dll -> %SystemRoot%\snymsico.dll -> Sony Corporation [Ver = 1, 0, 0, 09120 | Size = 90112 bytes | Created Date = 3/8/2007 3:12:19 AM | Attr = ]
CDDBControlSony.dll -> %System32%\CDDBControlSony.dll -> Gracenote, Inc. [Ver = 2, 4, 1, 13 | Size = 655360 bytes | Created Date = 3/8/2007 3:11:52 AM | Attr = ]
CddbLinkSony.dll -> %System32%\CddbLinkSony.dll -> Gracenote [Ver = 2, 4, 1, 4 | Size = 73728 bytes | Created Date = 3/8/2007 3:11:52 AM | Attr = ]
CddbMusicIDSony.dll -> %System32%\CddbMusicIDSony.dll -> Gracenote [Ver = 2, 4, 1, 25 | Size = 589824 bytes | Created Date = 3/8/2007 3:11:52 AM | Attr = ]
CddbPlaylist2Sony.dll -> %System32%\CddbPlaylist2Sony.dll -> [Ver = 2, 4, 1, 12 | Size = 532480 bytes | Created Date = 3/8/2007 3:11:52 AM | Attr = ]
CDDBUISony.dll -> %System32%\CDDBUISony.dll -> Gracenote [Ver = 2, 4, 1, 8 | Size = 770048 bytes | Created Date = 3/8/2007 3:11:52 AM | Attr = ]
d3d8caps.dat -> %System32%\d3d8caps.dat -> [Ver = | Size = 552 bytes | Created Date = 3/12/2007 6:38:15 PM | Attr = ]
dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 3/5/2007 6:17:29 PM | Attr = ]
LogFiles -> %System32%\LogFiles -> [Folder | Created Date = 2/20/2007 5:28:39 PM | Attr = ]
lvci1051.dll -> %System32%\lvci1051.dll -> Logitech Inc. [Ver = 10.5.1.2023 | Size = 129824 bytes | Created Date = 3/9/2007 2:47:21 AM | Attr = ]
Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 3/5/2007 6:17:28 PM | Attr = ]
SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 3/5/2007 6:17:29 PM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 3/5/2007 6:17:28 PM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 3/5/2007 6:17:29 PM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 3/5/2007 6:17:29 PM | Attr = ]
tmp.reg -> %System32%\tmp.re

#12 LeftoverQuack

Posted 14 March 2007 - 06:10 PM

swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 3/5/2007 6:17:29 PM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 4178 bytes | Created Date = 3/5/2007 6:24:01 PM | Attr = ]
XPSViewer -> %System32%\XPSViewer -> [Folder | Created Date = 2/20/2007 5:32:50 PM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 3/12/2007 6:08:53 PM | Attr = ]
NETMD031.sys -> %System32%\drivers\NETMD031.sys -> Sony Corporation [Ver = 1.3.11.04010 | Size = 35319 bytes | Created Date = 3/8/2007 3:12:19 AM | Attr = ]
NETMD033.sys -> %System32%\drivers\NETMD033.sys -> Sony Corporation [Ver = 1.3.30.11110 | Size = 36232 bytes | Created Date = 3/8/2007 3:12:19 AM | Attr = ]
NETMD052.sys -> %System32%\drivers\NETMD052.sys -> Sony Corporation [Ver = 1.3.32.10310 | Size = 36679 bytes | Created Date = 3/8/2007 3:12:19 AM | Attr = ]
NETMDUSB.sys -> %System32%\drivers\NETMDUSB.sys -> Sony Corporation [Ver = 1.2.10.08080 | Size = 38951 bytes | Created Date = 3/8/2007 3:12:19 AM | Attr = ]
UMDF -> %System32%\drivers\UMDF -> [Folder | Created Date = 2/20/2007 5:28:39 PM | Attr = ]
MsftWdf_user_01_00_00.Wdf -> %System32%\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Created Date = 2/20/2007 5:28:40 PM | Attr = H ]

[Files/Folders - Modified Within 30 days]
2eff7b495cf4ddf909d76fd7e30f89 -> %SystemDrive%\2eff7b495cf4ddf909d76fd7e30f89 -> [Folder | Modified Date = 2/20/2007 6:31:32 PM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 3/14/2007 4:31:00 PM | Attr = H ]
hijackthis -> %SystemDrive%\hijackthis -> [Folder | Modified Date = 3/14/2007 4:14:18 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 3/14/2007 4:32:52 PM | Attr = R ]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 232 bytes | Modified Date = 3/12/2007 2:02:32 PM | Attr = H ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 232 bytes | Modified Date = 3/12/2007 2:02:38 PM | Attr = H ]
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 232 bytes | Modified Date = 3/12/2007 2:02:46 PM | Attr = H ]
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 232 bytes | Modified Date = 3/13/2007 3:08:54 PM | Attr = H ]
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 232 bytes | Modified Date = 3/13/2007 3:09:02 PM | Attr = H ]
sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [Ver = | Size = 232 bytes | Modified Date = 3/13/2007 3:09:06 PM | Attr = H ]
sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [Ver = | Size = 232 bytes | Modified Date = 3/14/2007 1:17:34 PM | Attr = H ]
sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 232 bytes | Modified Date = 3/14/2007 1:17:46 PM | Attr = H ]
sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [Ver = | Size = 232 bytes | Modified Date = 3/14/2007 1:17:50 PM | Attr = H ]
sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [Ver = | Size = 232 bytes | Modified Date = 2/24/2007 12:34:00 PM | Attr = H ]
sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm -> [Ver = | Size = 232 bytes | Modified Date = 2/24/2007 12:34:14 PM | Attr = H ]
sqmdata11.sqm -> %SystemDrive%\sqmdata11.sqm -> [Ver = | Size = 232 bytes | Modified Date = 2/24/2007 12:34:30 PM | Attr = H ]
sqmdata12.sqm -> %SystemDrive%\sqmdata12.sqm -> [Ver = | Size = 232 bytes | Modified Date = 2/24/2007 12:34:32 PM | Attr = H ]
sqmdata13.sqm -> %SystemDrive%\sqmdata13.sqm -> [Ver = | Size = 232 bytes | Modified Date = 2/26/2007 2:00:32 AM | Attr = H ]
sqmdata14.sqm -> %SystemDrive%\sqmdata14.sqm -> [Ver = | Size = 232 bytes | Modified Date = 2/26/2007 2:00:34 AM | Attr = H ]
sqmdata15.sqm -> %SystemDrive%\sqmdata15.sqm -> [Ver = | Size = 232 bytes | Modified Date = 2/26/2007 2:00:44 AM | Attr = H ]
sqmdata16.sqm -> %SystemDrive%\sqmdata16.sqm -> [Ver = | Size = 232 bytes | Modified Date = 2/26/2007 2:00:46 AM | Attr = H ]
sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm -> [Ver = | Size = 232 bytes | Modified Date = 2/26/2007 12:39:24 PM | Attr = H ]
sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm -> [Ver = | Size = 232 bytes | Modified Date = 2/26/2007 12:39:26 PM | Attr = H ]
sqmdata19.sqm -> %SystemDrive%\sqmdata19.sqm -> [Ver = | Size = 232 bytes | Modified Date = 2/26/2007 12:39:46 PM | Attr = H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Modified Date = 3/12/2007 2:02:32 PM | Attr = H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Modified Date = 3/12/2007 2:02:38 PM | Attr = H ]
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 244 bytes | Modified Date = 3/12/2007 2:02:46 PM | Attr = H ]
sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [Ver = | Size = 244 bytes | Modified Date = 3/13/2007 3:08:54 PM | Attr = H ]
sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Modified Date = 3/13/2007 3:09:02 PM | Attr = H ]
sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [Ver = | Size = 244 bytes | Modified Date = 3/13/2007 3:09:04 PM | Attr = H ]
sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [Ver = | Size = 244 bytes | Modified Date = 3/14/2007 1:17:34 PM | Attr = H ]
sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Modified Date = 3/14/2007 1:17:46 PM | Attr = H ]
sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [Ver = | Size = 244 bytes | Modified Date = 3/14/2007 1:17:50 PM | Attr = H ]
sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/24/2007 12:33:58 PM | Attr = H ]
sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/24/2007 12:34:14 PM | Attr = H ]
sqmnoopt11.sqm -> %SystemDrive%\sqmnoopt11.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/24/2007 12:34:30 PM | Attr = H ]
sqmnoopt12.sqm -> %SystemDrive%\sqmnoopt12.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/24/2007 12:34:32 PM | Attr = H ]
sqmnoopt13.sqm -> %SystemDrive%\sqmnoopt13.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/26/2007 2:00:32 AM | Attr = H ]
sqmnoopt14.sqm -> %SystemDrive%\sqmnoopt14.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/26/2007 2:00:34 AM | Attr = H ]
sqmnoopt15.sqm -> %SystemDrive%\sqmnoopt15.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/26/2007 2:00:44 AM | Attr = H ]
sqmnoopt16.sqm -> %SystemDrive%\sqmnoopt16.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/26/2007 2:00:46 AM | Attr = H ]
sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/26/2007 12:39:24 PM | Attr = H ]
sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/26/2007 12:39:26 PM | Attr = H ]
sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/26/2007 12:39:46 PM | Attr = H ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 3/14/2007 4:13:24 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 3/13/2007 5:32:14 PM | Attr = H ]
$NtUninstallKB916089$ -> %SystemRoot%\$NtUninstallKB916089$ -> [Folder | Modified Date = 3/2/2007 1:30:58 PM | Attr = H ]
$NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ -> [Folder | Modified Date = 2/13/2007 8:23:34 PM | Attr = H ]
$NtUninstallKB920342$ -> %SystemRoot%\$NtUninstallKB920342$ -> [Folder | Modified Date = 2/20/2007 6:28:02 PM | Attr = H ]
$NtUninstallKB924667$ -> %SystemRoot%\$NtUninstallKB924667$ -> [Folder | Modified Date = 2/13/2007 8:23:22 PM | Attr = H ]
$NtUninstallKB925720$ -> %SystemRoot%\$NtUninstallKB925720$ -> [Folder | Modified Date = 2/20/2007 9:03:28 PM | Attr = H ]
$NtUninstallKB925766$ -> %SystemRoot%\$NtUninstallKB925766$ -> [Folder | Modified Date = 2/20/2007 6:27:44 PM | Attr = H ]
$NtUninstallKB925876$ -> %SystemRoot%\$NtUninstallKB925876$ -> [Folder | Modified Date = 2/20/2007 6:31:18 PM | Attr = H ]
$NtUninstallKB926239$ -> %SystemRoot%\$NtUninstallKB926239$ -> [Folder | Modified Date = 2/20/2007 6:31:10 PM | Attr = H ]
$NtUninstallKB926436$ -> %SystemRoot%\$NtUninstallKB926436$ -> [Folder | Modified Date = 2/13/2007 8:23:38 PM | Attr = H ]
$NtUninstallKB927779$ -> %SystemRoot%\$NtUninstallKB927779$ -> [Folder | Modified Date = 2/13/2007 8:23:28 PM | Attr = H ]
$NtUninstallKB927802$ -> %SystemRoot%\$NtUninstallKB927802$ -> [Folder | Modified Date = 2/13/2007 8:23:04 PM | Attr = H ]
$NtUninstallKB928255$ -> %SystemRoot%\$NtUninstallKB928255$ -> [Folder | Modified Date = 2/13/2007 8:22:50 PM | Attr = H ]
$NtUninstallKB928843$ -> %SystemRoot%\$NtUninstallKB928843$ -> [Folder | Modified Date = 2/13/2007 8:23:00 PM | Attr = H ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Modified Date = 3/13/2007 5:56:08 PM | Attr = H ]
$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Modified Date = 3/13/2007 5:57:22 PM | Attr = H ]
$NtUninstallKB931836$ -> %SystemRoot%\$NtUninstallKB931836$ -> [Folder | Modified Date = 2/13/2007 8:23:44 PM | Attr = H ]
$NtUninstallMSCompPackV1$ -> %SystemRoot%\$NtUninstallMSCompPackV1$ -> [Folder | Modified Date = 2/20/2007 6:31:02 PM | Attr = H ]
$NtUninstallWIC$ -> %SystemRoot%\$NtUninstallWIC$ -> [Folder | Modified Date = 2/20/2007 6:31:34 PM | Attr = H ]
$NtUninstallWMFDist11$ -> %SystemRoot%\$NtUninstallWMFDist11$ -> [Folder | Modified Date = 2/20/2007 6:29:14 PM | Attr = H ]
$NtUninstallwmp11$ -> %SystemRoot%\$NtUninstallwmp11$ -> [Folder | Modified Date = 2/20/2007 6:30:16 PM | Attr = H ]
$NtUninstallWudf01000$ -> %SystemRoot%\$NtUninstallWudf01000$ -> [Folder | Modified Date = 2/20/2007 6:28:36 PM | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 2/20/2007 6:39:12 PM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 2/20/2007 7:43:32 PM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 3/14/2007 4:04:16 PM | Attr = S]
cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 48239 bytes | Modified Date = 3/8/2007 8:01:44 AM | Attr = ]
Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 3/12/2007 2:51:50 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 3/12/2007 6:56:38 PM | Attr = S]
ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 2/20/2007 6:39:12 PM | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 2/20/2007 6:32:48 PM | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 2/20/2007 6:31:20 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 3/13/2007 5:56:14 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 3/14/2007 3:32:40 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 3/14/2007 4:31:00 PM | Attr = HS]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 2/20/2007 7:43:32 PM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 3/9/2007 4:42:26 AM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 2/20/2007 6:28:00 PM | Attr = ]
popcinfo.dat -> %SystemRoot%\popcinfo.dat -> [Ver = | Size = 16 bytes | Modified Date = 2/24/2007 11:32:26 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 3/14/2007 4:33:32 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 3/9/2007 3:33:54 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 3/12/2007 10:30:08 PM | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 3/14/2007 4:06:40 PM | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 3/5/2007 1:24:06 AM | Attr = ]
setupapi.log.1.old -> %SystemRoot%\setupapi.log.1.old -> [Ver = | Size = 1047090 bytes | Modified Date = 3/13/2007 12:20:10 AM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 3/13/2007 5:57:24 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 3/14/2007 4:07:22 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 3/14/2007 4:36:00 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 642 bytes | Modified Date = 2/20/2007 6:30:36 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 3/9/2007 3:46:46 AM | Attr = ]
Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 276 bytes | Modified Date = 3/14/2007 2:37:04 PM | Attr = ]
McAfee.com Scan for Viruses - My Computer (HOME-294D57F187-John Quackenbush).job -> %SystemRoot%\tasks\McAfee.com Scan for Viruses - My Computer (HOME-294D57F187-John Quackenbush).job -> [Ver = | Size = 372 bytes | Modified Date = 3/10/2007 1:30:02 AM | Attr = ]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [Ver = | Size = 364 bytes | Modified Date = 2/15/2007 2:00:02 AM | Attr = ]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Modified Date = 3/14/2007 4:07:22 PM | Attr = H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 3/14/2007 4:04:18 PM | Attr = H ]
amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 2/20/2007 6:30:46 PM | Attr = ]
BMXState-{00000003-00000000-00000004-00001102-00000005-10031102}.rfx -> %System32%\BMXState-{00000003-00000000-00000004-00001102-00000005-10031102}.rfx -> [Ver = | Size = 55172 bytes | Modified Date = 3/14/2007 3:54:58 PM | Attr = ]
BMXStateBkp-{00000003-00000000-00000004-00001102-00000005-10031102}.rfx -> %System32%\BMXStateBkp-{00000003-00000000-00000004-00001102-00000005-10031102}.rfx -> [Ver = | Size = 55172 bytes | Modified Date = 3/14/2007 3:54:58 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 3/9/2007 3:54:36 AM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 3/14/2007 4:04:30 PM | Attr = ]
Config.MPF -> %System32%\Config.MPF -> [Ver = | Size = 14590 bytes | Modified Date = 3/14/2007 4:35:00 PM | Attr = ]
d3d8caps.dat -> %System32%\d3d8caps.dat -> [Ver = | Size = 552 bytes | Modified Date = 3/12/2007 7:38:16 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 3/13/2007 5:57:24 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 3/12/2007 7:08:54 PM | Attr = ]
DVCState-{00000003-00000000-00000004-00001102-00000005-10031102}.rfx -> %System32%\DVCState-{00000003-00000000-00000004-00001102-00000005-10031102}.rfx -> [Ver = | Size = 64980 bytes | Modified Date = 3/14/2007 3:54:58 PM | Attr = ]
en-US -> %System32%\en-US -> [Folder | Modified Date = 2/20/2007 6:32:50 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 186608 bytes | Modified Date = 2/20/2007 6:39:14 PM | Attr = ]
LogFiles -> %System32%\LogFiles -> [Folder | Modified Date = 2/20/2007 6:28:40 PM | Attr = ]
nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 2/20/2007 6:30:46 PM | Attr = ]
nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 43459 bytes | Modified Date = 3/14/2007 4:13:12 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 70124 bytes | Modified Date = 3/11/2007 11:17:46 AM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 436360 bytes | Modified Date = 3/11/2007 11:17:48 AM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 516186 bytes | Modified Date = 3/11/2007 11:17:42 AM | Attr = ]
Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Modified Date = 3/5/2007 7:17:02 PM | Attr = ]
settings.sfm -> %System32%\settings.sfm -> [Ver = | Size = 2064 bytes | Modified Date = 3/14/2007 3:54:58 PM | Attr = ]
settingsbkup.sfm -> %System32%\settingsbkup.sfm -> [Ver = | Size = 2064 bytes | Modified Date = 3/14/2007 3:54:58 PM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 4178 bytes | Modified Date = 3/11/2007 4:24:22 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 3/14/2007 4:13:00 PM | Attr = ]
XPSViewer -> %System32%\XPSViewer -> [Folder | Modified Date = 2/20/2007 6:32:52 PM | Attr = ]
UMDF -> %System32%\drivers\UMDF -> [Folder | Modified Date = 2/20/2007 6:29:20 PM | Attr = ]
MsftWdf_user_01_00_00.Wdf -> %System32%\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 2/20/2007 6:28:42 PM | Attr = H ]

[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\hijackthis.zip:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %SystemDrive%\iTunesSetup.exe:Zone.Identifier ->
Thawte Consulting , -> %System32%\AbaleZip.dll -> Abale.com (info@abale.com) [Ver = 5.0.3.0 | Size = 287256 bytes | Modified Date = 1/26/2007 11:08:58 AM | Attr = R ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.5.0.53 | Size = 639066 bytes | Modified Date = 1/31/2007 9:56:06 PM | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 10/18/2006 9:18:12 PM | Attr = ]
UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 4/27/2006 5:49:30 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 8/29/2006 7:43:54 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 1/9/2006 10:36:06 AM | Attr = ]
UPX! , UPX0 , -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 12/1/2006 6:20:34 AM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\XceedFtp.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.129.0 | Size = 279392 bytes | Modified Date = 8/31/2005 11:35:40 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]

< End of report >

#13 beynac

Posted 15 March 2007 - 05:29 AM

Good Morning John.

SpywareBlaster shouldn't block our fixes. I'm more worried about Spybot's TeaTimer - it's showing in the WinPFind3 report. Are you sure that you disabled it? Please check that it is disabled before you run the fix, and leave it disabled when you run the HijackThis scan.

------------------------------------------------------------------

AVG Anti-Spyware:

Please update AVG Anti-Spyware.
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
Please check the following settings:
  • Click the Shield icon at the top and under Resident shield is... make sure it shows inactive or not available in the free version.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
  • Under How to act? - make sure that Quarantine is selected.
  • Under How to scan? - All checkboxes should be ticked.
  • Under Possibly unwanted software - All checkboxes should be ticked.
  • Under Reports - Select Automatically generate report after every scan and uncheck Only if threats were found.
  • Under What to scan? - Select Scan every file.
You can now close AVG Anti-Spyware. Do not scan yet.

------------------------------------------------------------------

WinPFind3U

Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program. Select the text in the Quote box below, and copy/paste the information into the pane where it says Paste fix here then click the Run Fix button.

[Registry - Non-Microsoft Only]
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {3EC8255F-E043-4cae-8B3B-B191550C2A22} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {01A88BB1-1174-41EC-ACCB-963509EAE56B} -> - CodeBase =
YN -> {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> - CodeBase =
YN -> {166B1BCA-3F9C-11CF-8075-444553540000} -> - CodeBase =
YN -> {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} -> - CodeBase =
YN -> {233C1507-6A77-46A4-9443-F871F945D258} -> - CodeBase =
YN -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> - CodeBase =
YN -> {4B48D5DF-9021-45F7-A240-60304302A215} -> - CodeBase =
YN -> {5D6F45B3-9043-443D-A792-115447494D24} -> - CodeBase =
YN -> {62789780-B744-11D0-986B-00609731A21D} -> - CodeBase =
YN -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> - CodeBase =
YN -> {8AD9C840-044E-11D1-B3E9-00805F499D93} -> - CodeBase =
YN -> {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> - CodeBase =
YN -> {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} -> - CodeBase =
YN -> {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} -> - CodeBase =
YN -> {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} -> - CodeBase =
YN -> {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -> - CodeBase =
YN -> RaptisoftGameLoader -> - CodeBase =

The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes. When the fix has run, a logfile will open in Notepad. You can close this as it will be saved in the WinPFind3u folder. The log documents each step of the fix and whether it was successful or not. The log is saved as a text file with a name in the format mmddyyyy_hhmmss.log for the date and time the fix was run.

-----------------------------------------------------------------

Boot to Safe Mode.

You will need to reboot your computer into Safe Mode for the next steps. It would be a good idea for you to print these instructions, as you will not have access to the internet.

Important: If you have an always on connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode. I suggest that you print out these instructions.
  • Restart your computer.
  • Continually tap the F8 button as your computer is booting (a menu appears).
  • Use the up-arrow key to select Safe Mode and press Enter.
------------------------------------------------

Run AVG Anti-Spyware:

Close all open windows and then start AVG Anti-Spyware, which you downloaded earlier.
  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
    • Make sure that Set all elements to: shows Quarantine
    • Important: Click on the Apply all Actions button (*** This must be done before saving the report ***)
    • When the program has finished, it will display the message All actions have been applied.
    • Then click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
-----------------------------------------------------------------

Reboot in Normal Mode and then run a HijackThis scan (remember to leave TeaTimer disabled).

----------------------------------------------------------

Please post, as a reply to this thread:
  • The new WinPFind3 report (please make sure that you post the latest one)
  • The AVG Anti-Spyware report
  • A new HijackThis log

Edited by beynac, 15 March 2007 - 10:29 AM.

beynac
Honors Graduate of MalWare Removal University - A Cooperative Effort with What the Tech Classroom
Member of the Alliance of Security Analysis Professionals (ASAP)

#14 LeftoverQuack

Posted 15 March 2007 - 06:43 PM

[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{227B8AA8-DAF2-4892-BD1D-73F568BCB24E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3EC8255F-E043-4cae-8B3B-B191550C2A22} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41D68ED8-4CFF-4115-88A6-6EBB8AF19000} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045} deleted successfully.
Starting removal of ActiveX control {01A88BB1-1174-41EC-ACCB-963509EAE56B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01A88BB1-1174-41EC-ACCB-963509EAE56B}\InprocServer32 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{01A88BB1-1174-41EC-ACCB-963509EAE56B} deleted successfully.
Removal of ActiveX control {01A88BB1-1174-41EC-ACCB-963509EAE56B} complete!
Starting removal of ActiveX control {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\InprocServer32 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} deleted successfully.
Removal of ActiveX control {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} complete!
Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\InprocServer32 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000} deleted successfully.
Removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000} complete!
Starting removal of ActiveX control {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2250C29C-C5E9-4F55-BE4E-01E45A40FCF1}\InprocServer32 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} deleted successfully.
Removal of ActiveX control {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} complete!
Starting removal of ActiveX control {233C1507-6A77-46A4-9443-F871F945D258} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\InprocServer32 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{233C1507-6A77-46A4-9443-F871F945D258} deleted successfully.
Removal of ActiveX control {233C1507-6A77-46A4-9443-F871F945D258} complete!
Starting removal of ActiveX control {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\InprocServer32 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} deleted successfully.
Removal of ActiveX control {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} complete!
Starting removal of ActiveX control {4B48D5DF-9021-45F7-A240-60304302A215} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B48D5DF-9021-45F7-A240-60304302A215}\InprocServer32 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4B48D5DF-9021-45F7-A240-60304302A215} deleted successfully.
Removal of ActiveX control {4B48D5DF-9021-45F7-A240-60304302A215} complete!
Starting removal of ActiveX control {5D6F45B3-9043-443D-A792-115447494D24} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D6F45B3-9043-443D-A792-115447494D24}\InprocServer32 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5D6F45B3-9043-443D-A792-115447494D24} deleted successfully.
Removal of ActiveX control {5D6F45B3-9043-443D-A792-115447494D24} complete!
Starting removal of ActiveX control {62789780-B744-11D0-986B-00609731A21D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62789780-B744-11D0-986B-00609731A21D}\InprocServer32 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{62789780-B744-11D0-986B-00609731A21D} deleted successfully.
Removal of ActiveX control {62789780-B744-11D0-986B-00609731A21D} complete!
Starting removal of ActiveX control {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}\InprocServer32 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} deleted successfully.
Removal of ActiveX control {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} complete!
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93} deleted successfully.
Removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} complete!
Starting removal of ActiveX control {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}\InprocServer32 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} deleted successfully.
Removal of ActiveX control {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} complete!
Starting removal of ActiveX control {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A18962F6-E6ED-40B1-97C9-1FB36F38BFA8}\InprocServer32 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} deleted successfully.
Removal of ActiveX control {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} complete!
Starting removal of ActiveX control {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1826A9F-4AA0-4510-BA77-9013E74E4B9B}\InprocServer32 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B1826A9F-4AA0-4510-BA77-9013E74E4B9B} deleted successfully.
Removal of ActiveX control {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} complete!
Starting removal of ActiveX control {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E504EE6E-47C6-11D5-B8AB-00D0B78F3D48}\InprocServer32 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} deleted successfully.
Removal of ActiveX control {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} complete!
Starting removal of ActiveX control {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6}\InprocServer32 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} deleted successfully.
Removal of ActiveX control {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} complete!
Starting removal of ActiveX control RaptisoftGameLoader not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\RaptisoftGameLoader\InprocServer32 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\RaptisoftGameLoader deleted successfully.
Removal of ActiveX control RaptisoftGameLoader complete!
< End of log >

Created on 03/15/2007 16:38:44

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:25:09 PM 3/15/2007

+ Scan result:

HKU\S-1-5-21-1060284298-1292428093-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} -> Adware.Generic : Cleaned with backup (quarantined).

::Report end
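
A fix script and the log it produces can be cross-checked mechanically instead of by eye. The Python below is an added example (not part of the original posts and not WinPFind3U's own code) that reports, for every entry in a fix script, whether the log records its registry key as deleted. It assumes only the line shapes visible in this thread; the GUIDs and the `ExampleLoader` name in the sample input are constructed placeholders.

```python
import re

# Line shapes assumed from the fix script and fix log quoted in this thread.
SECTION_RE = re.compile(r"^<\s*(?P<name>.+?)\s*>\s*->\s*(?P<path>HKEY_.+?)\s*$")
ENTRY_RE = re.compile(r"^YN\s*->\s*(?P<ident>.+?)\s+(?:\[|->)")
RESULT_RE = re.compile(
    r"Registry key (?P<key>HKEY_.+?) (?P<outcome>deleted successfully|not found)\."
)
STATUS = {"deleted successfully": "deleted", "not found": "already absent"}

# Constructed sample input: placeholder GUIDs and a made-up control name.
SAMPLE_FIX_SCRIPT = r"""[Registry - Non-Microsoft Only]
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {11111111-1111-1111-1111-111111111111} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {33333333-3333-3333-3333-333333333333} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {22222222-2222-2222-2222-222222222222} -> - CodeBase =
YN -> ExampleLoader -> - CodeBase =
"""

SAMPLE_FIX_LOG = r"""[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-111111111111} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33333333-3333-3333-3333-333333333333} not found.
Starting removal of ActiveX control {22222222-2222-2222-2222-222222222222} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-222222222222}\InprocServer32 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{22222222-2222-2222-2222-222222222222} deleted successfully.
Removal of ActiveX control {22222222-2222-2222-2222-222222222222} complete!
< End of log >
"""


def targeted_keys(fix_script):
    """Return (section, identifier, full registry key) for each YN entry."""
    keys, section, base = [], None, None
    for raw in fix_script.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header["name"]
            base = header["path"].rstrip("\\") + "\\"
            continue
        entry = ENTRY_RE.match(line)
        if entry and base:
            keys.append((section, entry["ident"], base + entry["ident"]))
    return keys


def log_outcomes(fix_log):
    """Map each registry key named in the log (lower-cased) to its outcome.

    Matching runs over the whole text, so it also works when the log has
    been pasted as one long line.
    """
    return {m["key"].lower(): m["outcome"] for m in RESULT_RE.finditer(fix_log)}


def verify_fix(fix_script, fix_log):
    """Return [(identifier, status)] in fix-script order.

    status is "deleted", "already absent", or "no log entry".
    Registry key names are compared case-insensitively.
    """
    outcomes = log_outcomes(fix_log)
    report = []
    for _section, ident, key in targeted_keys(fix_script):
        report.append((ident, STATUS.get(outcomes.get(key.lower()), "no log entry")))
    return report


def unresolved(report):
    """Identifiers the log never mentions: these need a follow-up look."""
    return [ident for ident, status in report if status == "no log entry"]


if __name__ == "__main__":
    for ident, status in verify_fix(SAMPLE_FIX_SCRIPT, SAMPLE_FIX_LOG):
        print(f"{status:15} {ident}")
```

An entry reported as "no log entry" means the log gives no evidence the key was touched, which is the case worth raising with the helper before moving on to the next scan.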

#15 LeftoverQuack

Posted 15 March 2007 - 06:46 PM

Logfile of HijackThis v1.99.1
Scan saved at 5:31:10 PM, on 3/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRA~1\Yahoo!\common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\JOHNQU~1\LOCALS~1\TEMPOR~1\Content.IE5\DWR6EXHQ\APP_1_~1.SH! C:\DOCUME~1\JOHNQU~1\LOCALS~1\TEMPOR~1\Content.IE5\DWR6EXHQ\INAFAB~1.SH! C:\DOCUME~1\JOHNQU~1\LOCALS~1\TEMPOR~1\Content.IE5\ICKPH0UB\NO_CON~1.SH! C:\DOCUME~1\JOHNQU~1\LOCALS~1\TEMPOR~1\Content.IE5\ICKPH0UB\DC_2_~1.SH! C:\DOCUME~1\JOHNQU~1\LOCALS~1\TEMPOR~1\Content.IE5\DDJIZDOR\DWB8C5~1.SH!
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by105fd.bay10...ex/HMAtchmt.ocx
O18 - Protocol: bw+0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {B4EFB585-6622-4CF3-B080-790E21B2440F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe
