Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums   v4  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Sunday 24.11.2024 / 22:55
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > topsecuritysite infestation. please help.
Show topics
 
Forums
Forums
topsecuritysite infestation. Please help.
  Jump to:
 
Posted Message
Page:12Next >
TIL8472
Newbie
_ 		16. June 2006 @ 01:44 _ Link to this message    Send private message to this user   
I thought I got rid of the ULwindow and topsecuritysite rubbish, but it has come back!! Here is my HJT log. Please help.



Logfile of HijackThis v1.99.1
Scan saved at 18:42:53, on 16/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\WINDOWS\system32\dcomcfg.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\WINPAT~1\winpatrol.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Internet\Yahoo\Messenger\ypager.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Internet\Trillian\trillian.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = The Uncharted Territories
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\WINPAT~1\winpatrol.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Internet\Yahoo\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Startup: Trillian.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Internet\Yahoo\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Internet\Yahoo\Messenger\yhexbmes0521.dll
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Internet\ICQ\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Internet\ICQ\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: http://google.com.au
O15 - Trusted Zone: http://www.livejournal.com
O15 - Trusted Zone: http://*.mrs-silk.com
O15 - Trusted Zone: http://*.photobucket.com
O15 - Trusted Zone: http://www.TerraFirmaScapers.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} -
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} -
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} -
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} -
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} (Java Plug-in) -
O18 - Protocol: bw+0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\lsass.dll
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
[ + quote]
Advertisement
_ 		__
JaPK
Senior Member
_ 		16. June 2006 @ 07:20 _ Link to this message    Send private message to this user   
Hi, you got some infections.

Download SmitfraudFix.zip to your desktop -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Unzip it (folder named SmitFraudFix) to your desktop:

Open the folder SmitfraudFix and doubleclick smitfraudfix.cmd
Choose option #1 - Search by typing 1 and pressing "Enter"; a textfile opens and lists the infected files (if those exist)

Post the contents of this textfile to here.

(Some antiviruses recognises process.exe as a malware. It is not malware, it is a program that stops processes)
[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.
TIL8472
Newbie
_ 		16. June 2006 @ 19:06 _ Link to this message    Send private message to this user   
Here is the Smitfraud file

SmitFraudFix v2.61

Scan done at 13:05:35.62, Sat 17/06/2006
Run from C:\Documents and Settings\TIL8472.MOYA.000\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\hp???.tmp FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\rmzdzx.dll FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\TIL8472.MOYA.000\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\TIL847~1.000\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
[ + quote]
JaPK
Senior Member
_ 		17. June 2006 @ 03:02 _ Link to this message    Send private message to this user   
You don't have a firewall or an antivirus on your computer. Download and install one firewall and one antivirus.

These are good (free) firewalls:
ZoneAlarm --> http://www.zonelabs.com
Kerio--> http://www.sunbelt-software.com/Kerio.cfm
Outpost-> http://www.agnitum.com

These are good (free) antiviruses:
AVG Antivirus --> http://www.grisoft.com
Avast --> http://www.avast.com

Ok, you got some infections on your computer....

Cleaning instructions:

At first, disable realtime protections from Spybot S&D (Teatimer), Ewido and WinPatrol because they may hinder the cleaning process. Instructions here -> http://wiki.castlecops.com/Malware_Removal:_Temporarily_Disable_R...

Download and install Ewido anti-malware -> http://www.ewido.net/en/download
Update it, but do NOT run a scan yet. We'll use it later.

Go to Control Panel -> Add/Remove programs -> Remove PuritySCAN By OIN, OuterInfo, OIN if found
IF you can't find those, please download and run this uninstaller -> http://www.outerinfo.com/OiUninstaller.exe
Instructions here (if needed) -> http://www.outerinfo.com/howto.html

Run HijackThis. Press Do a system scan only, then close all other windows, checkmark the following entries and press Fix checked

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} -
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} -
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} -
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} -
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} (Java Plug-in) -

Make your hidden files visible -> http://www.bleepingcomputer.com/tutorials/tutorial62.html
Restart your computer to the safemode -> http://www.pchell.com/support/safemode.shtml

Delete these folders (if found):
C:\Program Files\PurityScan

When in safemode, open SmitfraudFix folder and doubleclick the file smitfraudfix.cmd
Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files.

You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys.

The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter".

The tool might have to restart your computer; if it won't do it, restart your computer back to normal mode.
A textfile will appear after the cleaning process, copy this file and paste it to here.

Tha log is saved to your local diskdrive, usually C:\rapport.txt.

Warning : Running option 2 in a clean computer will delete your desktop wallpaper.

Scan and clean your computer with Ewido and save the report.

Clean the Recycle bin and make your hidden files visible again.

Post the following logs to here:
-> a fresh HijackThis log
-> Ewido's log
-> contents of C:\Rapport.txt
[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.

This message has been edited since posting. Last time this message was edited on 17. June 2006 @ 03:02
TIL8472
Newbie
_ 		17. June 2006 @ 04:53 _ Link to this message    Send private message to this user   
Here are the lastest logs....

Logfile of HijackThis v1.99.1
Scan saved at 22:50:51, on 17/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Internet\Yahoo\Messenger\ypager.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Internet\Trillian\trillian.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMJB.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Opera7\opera.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = The Uncharted Territories
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {086CEFD5-A88D-4981-8915-D51F04360ED1} - (no file)
O2 - BHO: (no name) - {1D32752B-268E-4673-812F-70DEF934878A} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {686a161d-5bd1-4999-8832-6393f41e564c} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Internet\Yahoo\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Startup: Trillian.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Internet\Yahoo\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Internet\Yahoo\Messenger\yhexbmes0521.dll
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Internet\ICQ\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Internet\ICQ\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: http://google.com.au
O15 - Trusted Zone: http://www.livejournal.com
O15 - Trusted Zone: http://*.mrs-silk.com
O15 - Trusted Zone: http://*.photobucket.com
O15 - Trusted Zone: http://www.TerraFirmaScapers.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O18 - Protocol: bw+0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\lsass.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: winvck32 - winvck32.dll (file missing)
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe



---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 22:44:24, 17/06/2006
+ Report-Checksum: 303A18BD

+ Scan result:

C:\Documents and Settings\TIL8472.MOYA.000\Application Data\s?stem\wuauboot.exe -> Downloader.PurityScan.cq : Cleaned with backup
C:\Documents and Settings\TIL8472.MOYA.000\Cookies\til8472@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\TIL8472.MOYA.000\Cookies\til8472@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\TIL8472.MOYA.000\Cookies\til8472@techrepublic.com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\TIL8472.MOYA.000\Local Settings\Application Data\e251788b.exe -> Downloader.Obfuscated.a : Cleaned with backup
C:\Documents and Settings\TIL8472.MOYA.000\Local Settings\Temp\NoadwareBkupTemp\!update.exe -> Downloader.PurityScan.co : Cleaned with backup
C:\Program Files\Common Files\Y1123OA.exe -> Downloader.PurityScan.cq : Cleaned with backup
C:\WINDOWS\system32\e251788b.exe -> Downloader.Obfuscated.a : Cleaned with backup
C:\WINDOWS\system32\efcayya.dll -> Adware.Virtumonde : Cleaned with backup
C:\WINDOWS\Temp\OA.exe -> Downloader.PurityScan.cq : Cleaned with backup
C:\WINDOWS\Temp\win5A.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win73.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\winC5.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\winE9.tmp.exe -> Downloader.Obfuscated.a : Cleaned with backup
C:\WINDOWS\winres.dll -> Downloader.IstBar.ff : Cleaned with backup


::Report End


SmitFraudFix v2.61

Scan done at 13:05:35.62, Sat 17/06/2006
Run from C:\Documents and Settings\TIL8472.MOYA.000\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\hp???.tmp FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\rmzdzx.dll FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\TIL8472.MOYA.000\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\TIL847~1.000\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
[ + quote]
JaPK
Senior Member
_ 		17. June 2006 @ 05:26 _ Link to this message    Send private message to this user   
Ok, not clean yet...

Cleaning instructions:

Disable those realtime protections if present.

Download ATF Cleaner by Atribune to your desktop -> http://www.atribune.org/ccount/click.php?id=1
Do NOT run yet.

Download and run this uninstaller -> http://www.outerinfo.com/OiUninstaller.exe
Instructions here (if needed) -> http://www.outerinfo.com/howto.html

Run HijackThis. Press Do a system scan only, then close all other windows, checkmark the following entries and press Fix checked

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {086CEFD5-A88D-4981-8915-D51F04360ED1} - (no file)
O2 - BHO: (no name) - {1D32752B-268E-4673-812F-70DEF934878A} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {686a161d-5bd1-4999-8832-6393f41e564c} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O20 - Winlogon Notify: winvck32 - winvck32.dll (file missing)


Run ATF Cleaner -> Check select all -> Press Empty selected

You have to run smitfraudfix with OPTION 2.

Restart your computer to the safemode and choose your normal user account -> http://www.pchell.com/support/safemode.shtml

When in safemode, open SmitfraudFix folder and doubleclick the file smitfraudfix.cmd
Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files.

You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys.

The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter".

The tool might have to restart your computer; if it won't do it, restart your computer back to normal mode.
A textfile will appear after the cleaning process, copy this file and paste it to here.

Tha log is saved to your local diskdrive, usually C:\rapport.txt.

Warning : Running option 2 in a clean computer will delete your desktop wallpaper.

Post the following logs to here:
-> a fresh HijackThis log
-> contents of C:Rapport.txt
[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.

This message has been edited since posting. Last time this message was edited on 17. June 2006 @ 05:27
TIL8472
Newbie
_ 		17. June 2006 @ 06:15 _ Link to this message    Send private message to this user   
Logfile of HijackThis v1.99.1
Scan saved at 00:14:01, on 18/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Internet\Yahoo\Messenger\ypager.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Internet\Trillian\trillian.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Opera7\opera.exe
C:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = The Uncharted Territories
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Internet\Yahoo\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Startup: Trillian.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Internet\Yahoo\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Internet\Yahoo\Messenger\yhexbmes0521.dll
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Internet\ICQ\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Internet\ICQ\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: http://google.com.au
O15 - Trusted Zone: http://www.livejournal.com
O15 - Trusted Zone: http://*.mrs-silk.com
O15 - Trusted Zone: http://*.photobucket.com
O15 - Trusted Zone: http://www.TerraFirmaScapers.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} -
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} -
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} -
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} -
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} (Java Plug-in) -
O18 - Protocol: bw+0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\lsass.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


SmitFraudFix v2.61

Scan done at 0:04:47.25, Sun 18/06/2006
Run from D:\Temp\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

*sigh*
[ + quote]
JaPK
Senior Member
_ 		17. June 2006 @ 22:42 _ Link to this message    Send private message to this user   
Ok looking better now...

Make your hidden files visible -> http://www.bleepingcomputer.com/tutorials/tutorial62.html

Go to here -> http://www.virustotal.com
-> Press Browse
-> Navigate to this file: C:\WINDOWS\system32\lsass.dll
-> Press Ok
-> Press Send
-> Wait for the scan results
-> Post the results to your next reply
[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.
TIL8472
Newbie
_ 		17. June 2006 @ 23:03 _ Link to this message    Send private message to this user   
I made the hidden files visible, loaded up the virustotal website.
Clicked on Choose (Browse)

But I couldn't find lsass.dll in the system32 directory.
only lsass.exe

I haven't had any problems with browser hijacking or pop-ups recently either. Thanks for all your help.
[ + quote]
JaPK
Senior Member
_ 		18. June 2006 @ 04:52 _ Link to this message    Send private message to this user   
Ok lets make sure that the file really is gone...


1. Download Avenger -> http://swandog46.geekstogo.com/avenger.zip and unzip it to desktop
2. Copy all text in quote box below to Notepad (starting from
Files to delete:)

Quote:
Files to delete:
C:\WINDOWS\system32\lsass.dll
Notice: This script is for this user. If you aren't that user, DON'T follow these instructions, because they might harm your system

3. Now, open The Avenger
->"Below Script file to execute" select "Input Script Manually".
->Now click magnifying glass which opens a new window "View/edit script".
-> Paste the text you earlier copied to Notepad here
-> Click Done.
-> Now click green light in order to start script.
-> Click "Yes" .

4.Avenger will do the following
-> Reboot your computer.
-> While booting, it will open a dos prompt, it's normal
-> After reboot it will create a logfile which should open . This log is in C:\avenger.txt
-> Avenger has created a backup here -> C:\avenger\backup.zip.

5. Copy/paste contents of avenger.txt along with a fresh HjT-log.
[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.
TIL8472
Newbie
_ 		19. June 2006 @ 01:54 _ Link to this message    Send private message to this user   
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\dgbutmdc

*******************

Script file located at: \??\C:\Documents and Settings\okvwhcry.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\lsass.dll not found!
Deletion of file C:\WINDOWS\system32\lsass.dll failed!

Could not process line:
C:\WINDOWS\system32\lsass.dll
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

Logfile of HijackThis v1.99.1
Scan saved at 19:52:37, on 19/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Internet\Yahoo\Messenger\ypager.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Internet\Trillian\trillian.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Opera7\opera.exe
C:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = The Uncharted Territories
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {086CEFD5-A88D-4981-8915-D51F04360ED1} - (no file)
O2 - BHO: (no name) - {1D32752B-268E-4673-812F-70DEF934878A} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {686a161d-5bd1-4999-8832-6393f41e564c} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Internet\Yahoo\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Startup: Trillian.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Internet\Yahoo\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Internet\Yahoo\Messenger\yhexbmes0521.dll
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Internet\ICQ\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Internet\ICQ\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: http://google.com.au
O15 - Trusted Zone: http://www.livejournal.com
O15 - Trusted Zone: http://*.mrs-silk.com
O15 - Trusted Zone: http://*.photobucket.com
O15 - Trusted Zone: http://www.TerraFirmaScapers.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} -
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} -
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} -
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} -
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} (Java Plug-in) -
O18 - Protocol: bw+0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\lsass.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
[ + quote]
JaPK
Senior Member
_ 		19. June 2006 @ 10:25 _ Link to this message    Send private message to this user   
Ok not clean yet.

At first, disable realtime protections from Spybot S&D (Teatimer), Ewido and WinPatrol because they may hinder the cleaning process. Instructions here -> http://wiki.castlecops.com/Malware_Removal:_Temporarily_Disable_R...

Restart your computer to the safe mode -> -> http://www.pchell.com/support/safemode.shtml

When in safe mode, fix these entries with HijackThis:
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {086CEFD5-A88D-4981-8915-D51F04360ED1} - (no file)
O2 - BHO: (no name) - {1D32752B-268E-4673-812F-70DEF934878A} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {686a161d-5bd1-4999-8832-6393f41e564c} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\lsass.dll

Restart your computer normally.

Post a fresh HijackThis log.
[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.
TIL8472
Newbie
_ 		19. June 2006 @ 14:06 _ Link to this message    Send private message to this user   
Here you are....

Logfile of HijackThis v1.99.1
Scan saved at 08:04:28, on 20/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Internet\Yahoo\Messenger\ypager.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Internet\Trillian\trillian.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = The Uncharted Territories
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Internet\Yahoo\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Startup: Trillian.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Internet\Yahoo\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Internet\Yahoo\Messenger\yhexbmes0521.dll
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Internet\ICQ\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Internet\ICQ\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: http://google.com.au
O15 - Trusted Zone: http://www.livejournal.com
O15 - Trusted Zone: http://*.mrs-silk.com
O15 - Trusted Zone: http://*.photobucket.com
O15 - Trusted Zone: http://www.TerraFirmaScapers.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} -
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} -
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} -
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} -
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} (Java Plug-in) -
O18 - Protocol: bw+0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
[ + quote]
JaPK
Senior Member
_ 		19. June 2006 @ 19:59 _ Link to this message    Send private message to this user   
Ok looks good...

However, I missed a few leftovers at my last post so fix these entries with HijackThis:

O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} -
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} -
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} -
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} -
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} (Java Plug-in) -
Reboot.

Post a fresh HijackThis log one more time.
Sorry for the inconvenience ;)
[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.
TIL8472
Newbie
_ 		21. June 2006 @ 01:35 _ Link to this message    Send private message to this user   
Logfile of HijackThis v1.99.1
Scan saved at 19:34:14, on 21/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Internet\Yahoo\Messenger\ypager.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Internet\Trillian\trillian.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = The Uncharted Territories
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {086CEFD5-A88D-4981-8915-D51F04360ED1} - (no file)
O2 - BHO: (no name) - {1D32752B-268E-4673-812F-70DEF934878A} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {686a161d-5bd1-4999-8832-6393f41e564c} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Internet\Yahoo\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Trillian.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Internet\Yahoo\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Internet\Yahoo\Messenger\yhexbmes0521.dll
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Internet\ICQ\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Internet\ICQ\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: http://google.com.au
O15 - Trusted Zone: http://www.livejournal.com
O15 - Trusted Zone: http://*.mrs-silk.com
O15 - Trusted Zone: http://*.photobucket.com
O15 - Trusted Zone: http://www.TerraFirmaScapers.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O18 - Protocol: bw+0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
[ + quote]
JaPK
Senior Member
_ 		22. June 2006 @ 07:41 _ Link to this message    Send private message to this user   
Hi again, sorry for the delay...

Ok, we'll have to clean those manually then....

Press Start
-> Run
-> Write this to the field: regedit

At first, you should take a backup of your registry:
-> (In regedit) select My Computer, right-click it and press Export
-> Name it to RegBackup and save it to the C:\

Then go: (in regedit)
-> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
-> Delete the following keys if found:

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
{086CEFD5-A88D-4981-8915-D51F04360ED1}
{1D32752B-268E-4673-812F-70DEF934878A}
{53707962-6F74-2D53-2644-206D7942484F}
{686a161d-5bd1-4999-8832-6393f41e564c}
{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{AA58ED58-01DD-4d91-8333-CF10577473F7}

-> Close Regedit

Reboot.

Scan again with HijackThis and post a fresh log to here.
[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.

This message has been edited since posting. Last time this message was edited on 22. June 2006 @ 07:41
TIL8472
Newbie
_ 		23. June 2006 @ 16:05 _ Link to this message    Send private message to this user   
Logfile of HijackThis v1.99.1
Scan saved at 10:04:09, on 24/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Internet\Trillian\trillian.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Internet\FarscapeMirc\mirc.exe
C:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = The Uncharted Territories
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Internet\Yahoo\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Trillian.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Internet\ICQ\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Internet\ICQ\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: http://google.com.au
O15 - Trusted Zone: http://www.livejournal.com
O15 - Trusted Zone: http://*.mrs-silk.com
O15 - Trusted Zone: http://*.photobucket.com
O15 - Trusted Zone: http://www.TerraFirmaScapers.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} (Java Plug-in) -
O18 - Protocol: bw+0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {C3302C9B-C01D-401F-B587-1F50AA56A8BC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
[ + quote]
JaPK
Senior Member
_ 		24. June 2006 @ 02:11 _ Link to this message    Send private message to this user   
Hi again, you're clean now :)

You don't have a firewall or an antivirus on your computer. Download and install one firewall and one antivirus.

These are good (free) firewalls:
ZoneAlarm --> http://www.zonelabs.com
Kerio--> http://www.sunbelt-software.com/Kerio.cfm
Outpost-> http://www.agnitum.com

These are good (free) antiviruses:
AVG Antivirus --> http://www.grisoft.com
Avast --> http://www.avast.com

Now that you're clean, here are some tips how to stay clean.

-> Stand Up and Be Counted, Malware Complaints -> http://www.malwarecomplaints.info
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

-> Clear your system restore -> http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore...
This will clear the system restore folders from possible malware that was left behind during the cleaning process. Remember to create a new restore point after the cleaning.

-> Use CCleaner -> http://www.ccleaner.com
Download and install CCleaner. Clean your registry and temporary files with it regularly.

-> Use Ad-Aware -> http://www.bleepingcomputer.com/forums/?showtutorial=48
Download and install Ad-Aware. Update it and scan your computer regularly with it.

-> Use Ewido -> http://www.ewido.net/en
Download and install Ewido. Update it and scan your computer regularly with it.

-> Install SpywareBlaster -> http://www.javacoolsoftware.com/spywareblaster.html
SpywareBlaster will prevent spyware from being installed to your computer.

-> Install MVPS Hosts file -> http://mvps.org/winhelp2002/hosts.htm
This prevents your computer from connecting to harmful sites.

-> Change your browser to Firefox -> http://www.mozilla.org
Firefox is faster, safer and quicker browser than Internet Explorer.

-> Keep your systen up-to-date -> http://windowsupdate.microsoft.com
Visit Windows Update regularly.

-> Keep your antivirus and firewall up-to-date
Scan your computer regularly with your antivirus.

-> Read this article by TonyKlein -> http://castlecops.com/postlite7736-.html
So how did I get infected in the first place?

Stay clean ;)
[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.
cyberbobx
Newbie
_ 		29. June 2006 @ 02:26 _ Link to this message    Send private message to this user   
Hey JaPK,

please please please help me. i have that horrible "topsecuritysite.net" trojan, and mabey more. here is my Smit Fraud Fix Report

SmitFraudFix v2.65

Scan done at 11:25:36.70, 29/06/2006
Run from C:\Documents and Settings\BobakJ\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\hp???.tmp FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\BobakJ\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\BobakJ\FAVORI~1

C:\DOCUME~1\BobakJ\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{315f73fc-a7b1-49e6-a3c4-cc00cf8a3fdb}"="fossilage"

[HKEY_CLASSES_ROOT\CLSID\{315f73fc-a7b1-49e6-a3c4-cc00cf8a3fdb}\InProcServer32]
@="C:\WINDOWS\system32\erxbx.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{315f73fc-a7b1-49e6-a3c4-cc00cf8a3fdb}\InProcServer32]
@="C:\WINDOWS\system32\erxbx.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Thanks,
Bob
[ + quote]
-_- Bob -_-
JaPK
Senior Member
_ 		29. June 2006 @ 07:12 _ Link to this message    Send private message to this user   
Hi cyberbobx, please post a HijackThis log to here too.

Instructions for HjT posting -> http://forums.afterdawn.com/thread_view.cfm/263784
(Steps 3-5)
[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.
cyberbobx
Newbie
_ 		29. June 2006 @ 07:24 _ Link to this message    Send private message to this user   
Logfile of HijackThis v1.99.1
Scan saved at 16:23:55, on 29/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\AOL\1142108150\ee\AOLSoftware.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
c:\program files\common files\aol\1142108150\ee\services\antiSpywareApp\ver2_0_25_1\AOLSP Scheduler.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\5c01245f.exe
C:\Program Files\12018SC Multimedia Mouse Driver\MouseDrv.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
c:\program files\common files\aol\1142108150\ee\aolsoftware.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\UltimateZip 2.7\uzqkst.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Soulseek\slsk.exe
C:\Documents and Settings\BobakJ\Desktop\HijackThis_v1.99.1.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.0.1/
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C503CD6-1728-4E78-8A00-AF931296BA09} - C:\WINDOWS\system32\ssqro.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142108150\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [GhostSurf Reminder] "C:\Program Files\GhostSurf 2005\Privacy Control Center.exe" reminder
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\12018SC Multimedia Mouse Driver\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [c4ec0416.exe] C:\WINDOWS\system32\c4ec0416.exe
O4 - HKLM\..\Run: [5c01245f.exe] C:\WINDOWS\system32\5c01245f.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [5c01245f.exe] C:\Documents and Settings\BobakJ\Local Settings\Application Data\5c01245f.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\GhostSurf 2005\Scheduler daemon.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2.7\uzqkst.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Check Local Printer.lnk = C:\Program Files\KXP6X00\Chkpnt.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: ssqro - C:\WINDOWS\system32\ssqro.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Personal firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe

Thanks, Bob
[ + quote]
-_- Bob -_-
JaPK
Senior Member
_ 		29. June 2006 @ 07:48 _ Link to this message    Send private message to this user   
Ok cyberbobx, you got some infections on your computer....

You have two antivirusses running, AVG and McAfee, this is not recommended and may cause serious conflicts. You should remove one of these two and leave only one.
So Go to Control Panel -> Add/Remove programs -> Remove AVG or McAfee

Cleaning instructions:

Move HijackThis into its own folder C:\HJT

-> Open Ewido Anti-Spyware
-> Click the Update icon at the top of the window
-> Click the Start update button
-> Wait for the update to download and install
-> Quit the program, we'll use this later.

Download ATF Cleaner by Atribune to your desktop -> http://www.atribune.org/ccount/click.php?id=1
Do NOT run yet.

Download VundoFix.exe to your desktop -> http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to run it.
* Put a check next to Run VundoFix as a task.
* You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
* When VundoFix re-opens, click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will shutdown your computer, click OK.
* Turn your computer back on

Run HijackThis. Press Do a system scan only, then close all other windows, checkmark the following entries and press Fix checked

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {1C503CD6-1728-4E78-8A00-AF931296BA09} - C:\WINDOWS\system32\ssqro.dll (file missing)
O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll (file missing)
O4 - HKLM\..\Run: [c4ec0416.exe] C:\WINDOWS\system32\c4ec0416.exe
O4 - HKLM\..\Run: [5c01245f.exe] C:\WINDOWS\system32\5c01245f.exe
O4 - HKCU\..\Run: [5c01245f.exe] C:\Documents and Settings\BobakJ\Local Settings\Application Data\5c01245f.exe
O20 - Winlogon Notify: ssqro - C:\WINDOWS\system32\ssqro.dll (file missing)
O20 - Winlogon Notify: winjyp32 - winjyp32.dll (file missing)

Make your hidden files visible -> http://www.bleepingcomputer.com/tutorials/tutorial62.html
Restart your computer to the safemode -> http://www.pchell.com/support/safemode.shtml

Delete these files (if found):
C:\WINDOWS\system32\c4ec0416.exe
C:\WINDOWS\system32\5c01245f.exe
C:\Documents and Settings\BobakJ\Local Settings\Application Data\5c01245f.exe
C:\Documents and Settings\BobakJ\Local Settings\Application Data\c4ec0416.exe

Run ATF Cleaner -> Check select all -> Press Empty selected

-> Open Ewido Anti-Spyware
-> Click the Scanner icon at the top of the window
-> Click the Settings tab then select Recommended Options and choose Quarantine
-> Click the Scan tab
-> Select Complete System Scan. The scanning begins.
-> When the scan has completed, click on the Save Scan Report button and save the scan to your Desktop.
-> Copy and paste the scan results into your next post

When in safemode, open SmitfraudFix folder and doubleclick the file smitfraudfix.cmd
Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files.

You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys.

The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter".

The tool might have to restart your computer; if it won't do it, restart your computer back to normal mode.
A textfile will appear after the cleaning process, copy this file and paste it to here.

Tha log is saved to your local diskdrive, usually C:\rapport.txt.

Warning : Running option 2 in a clean computer will delete your desktop wallpaper.

Clean the Recycle bin.

Restart your computer normally.

Post the following logs to here:
->a fresh HijackThis log
-> Ewido's log
-> contents of C:\vundofix.txt
-> contents of C:\rapport.txt
[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.

This message has been edited since posting. Last time this message was edited on 29. June 2006 @ 07:48
cyberbobx
Newbie
_ 		29. June 2006 @ 10:50 _ Link to this message    Send private message to this user   
Hey
Logfile of HijackThis v1.99.1
Scan saved at 19:47:19, on 29/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\AOL\1142108150\ee\AOLSoftware.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\12018SC Multimedia Mouse Driver\MouseDrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
c:\program files\common files\aol\1142108150\ee\services\antiSpywareApp\ver2_0_25_1\AOLSP Scheduler.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
c:\program files\common files\aol\1142108150\ee\aolsoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\UltimateZip 2.7\uzqkst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.0.1/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142108150\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [GhostSurf Reminder] "C:\Program Files\GhostSurf 2005\Privacy Control Center.exe" reminder
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\12018SC Multimedia Mouse Driver\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Startup: Scheduler.lnk = C:\Program Files\GhostSurf 2005\Scheduler daemon.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2.7\uzqkst.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Check Local Printer.lnk = C:\Program Files\KXP6X00\Chkpnt.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Personal firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe






---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 19:32:32 29/06/2006

+ Scan result:



HKU\S-1-5-21-3089254658-1086958249-218296358-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : No action taken.
HKU\S-1-5-21-3089254658-1086958249-218296358-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : No action taken.
HKU\S-1-5-21-3089254658-1086958249-218296358-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : No action taken.
C:\Documents and Settings\BobakJ\Local Settings\Temp\SHNTK.exe -> Adware.NewDotNet : No action taken.
C:\WINDOWS\system32\efcbxwu.dll -> Adware.Virtumonde : No action taken.
C:\Documents and Settings\BobakJ\Local Settings\Temp\cppn23wv.exe -> Downloader.Small : No action taken.
C:\WINDOWS\system32\ld100.tmp -> Downloader.Zlob.sd : No action taken.
:mozilla.170:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.171:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.172:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.173:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.174:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.175:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.176:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.177:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.178:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.179:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.180:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.186:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.187:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.189:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.190:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.191:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.192:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.193:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.194:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.195:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.196:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.197:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.198:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.199:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.200:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.201:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.202:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.203:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.204:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.205:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.206:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.330:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.331:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.332:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.333:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.666:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.100:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.630:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.96:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.97:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.98:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.99:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.343:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Addynamix : No action taken.
:mozilla.344:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Addynamix : No action taken.
:mozilla.530:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.531:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.532:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.533:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.534:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.535:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.228:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.229:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.230:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.231:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.232:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.136:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.137:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.131:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.132:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.133:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.134:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.135:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.452:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Adviva : No action taken.
:mozilla.117:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.329:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.974:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.975:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.976:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.537:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Burstbeacon : No action taken.
:mozilla.466:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.467:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.468:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.233:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.234:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.235:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.236:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.237:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.238:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.239:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.240:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.241:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.285:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Clickbank : No action taken.
:mozilla.304:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Clickhype : No action taken.
:mozilla.305:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Clickhype : No action taken.
:mozilla.306:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Clickhype : No action taken.
:mozilla.572:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.574:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.575:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.576:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.669:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.79:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.152:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.169:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.453:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.454:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.458:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.461:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.462:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.463:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.470:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.566:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.567:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.568:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.569:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.570:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.571:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.584:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.611:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.612:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.613:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.706:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.707:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.708:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.709:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.710:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.711:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.712:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.713:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.714:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.715:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.716:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.717:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.718:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.719:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.720:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.721:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.722:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.723:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.724:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.725:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.726:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.727:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.728:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.729:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.730:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.731:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.732:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.733:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.734:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.735:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.736:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.737:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.738:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.739:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.740:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.741:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.742:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.743:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.744:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.745:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.746:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.747:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.748:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.749:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.750:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.751:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.752:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.753:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.754:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.755:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.756:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.757:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.758:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.759:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.760:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.761:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.762:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.763:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.764:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.765:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.766:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.767:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.768:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.769:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.770:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.771:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.772:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.773:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.774:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.775:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.776:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.777:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.778:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.779:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.272:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.273:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.274:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.275:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.88:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.95:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.138:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.140:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.142:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.143:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.144:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.145:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.146:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.248:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.287:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.291:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.245:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.246:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.247:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.536:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.437:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Hotlog : No action taken.
:mozilla.397:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.398:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.399:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.573:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Masterstats : No action taken.
:mozilla.165:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.166:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.260:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
:mozilla.261:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
:mozilla.89:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.90:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.861:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Paycounter : No action taken.
:mozilla.635:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.636:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.637:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.638:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.167:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Qksrv : No action taken.
:mozilla.168:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Qksrv : No action taken.
:mozilla.367:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.368:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.369:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.473:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.474:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.475:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.476:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.477:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.478:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.479:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.480:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.221:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
:mozilla.222:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
:mozilla.223:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
:mozilla.224:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
:mozilla.225:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
:mozilla.226:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
:mozilla.227:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
:mozilla.789:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.790:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.791:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.216:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.217:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.218:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.219:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.220:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.676:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.677:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.678:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.679:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.680:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.681:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.682:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.683:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.684:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.685:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.686:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.687:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.688:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.689:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.528:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Spylog : No action taken.
:mozilla.892:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.893:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.894:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.895:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.896:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.897:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.898:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.899:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.900:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.901:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.902:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.903:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.904:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.905:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.906:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.907:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.908:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.909:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.910:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.911:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.912:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.913:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.914:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.915:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.916:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.917:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.918:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.919:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.920:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.921:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.922:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.923:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.924:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.148:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.149:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.150:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.151:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.518:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.520:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.522:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.523:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.524:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.525:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.263:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.264:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.265:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.266:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.267:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.268:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.269:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.270:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.929:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Trafic : No action taken.
:mozilla.16:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.17:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.139:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Valueclick : No action taken.
:mozilla.141:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Valueclick : No action taken.
:mozilla.866:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Valueclick : No action taken.
:mozilla.867:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Valueclick : No action taken.
:mozilla.868:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Valueclick : No action taken.
:mozilla.937:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Valueclick : No action taken.
:mozilla.324:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.436:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Yadro : No action taken.
:mozilla.438:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Yadro : No action taken.
:mozilla.64:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.65:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.66:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.67:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.68:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.69:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.70:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.71:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.960:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.961:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.252:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.253:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.254:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.256:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.257:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.271:C:\Documents and Settings\BobakJ\Application Data\Mozilla\Firefox\Profiles\6spg8uef.default\cookies.txt -> TrackingCookie.Zedo : No action taken.


::Report end





-------------------------------------------------------------------

VundoFix V4.2.84

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Java version is 1.4.2.3

Java version is 1.5.0.3

Java version is 1.5.0.6

Scan started at 16:55:02 29/06/2006

Listing files found while scanning....


C:\WINDOWS\system32\orqss.bak1
C:\WINDOWS\system32\orqss.bak2
C:\WINDOWS\system32\orqss.ini
Attempting to delete C:\WINDOWS\system32\orqss.bak1
C:\WINDOWS\system32\orqss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\orqss.bak2
C:\WINDOWS\system32\orqss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\orqss.ini
C:\WINDOWS\system32\orqss.ini Has been deleted!

Performing Repairs to the registry.
Done!




-----------------------------------

SmitFraudFix v2.65

Scan done at 19:36:08.56, 29/06/2006
Run from C:\Documents and Settings\BobakJ\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{315f73fc-a7b1-49e6-a3c4-cc00cf8a3fdb}"="fossilage"

[HKEY_CLASSES_ROOT\CLSID\{315f73fc-a7b1-49e6-a3c4-cc00cf8a3fdb}\InProcServer32]
@="C:\WINDOWS\system32\erxbx.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{315f73fc-a7b1-49e6-a3c4-cc00cf8a3fdb}\InProcServer32]
@="C:\WINDOWS\system32\erxbx.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\erxbx.dll -> Missing File


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\hp???.tmp Deleted
C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\DOCUME~1\BobakJ\FAVORI~1\Antivirus Test Online.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


Thanks, Bob

[ + quote]
-_- Bob -_-
JaPK
Senior Member
_ 		30. June 2006 @ 07:14 _ Link to this message    Send private message to this user   
Hi cyberbobx, not clean yet.

Please rename HijackThis.exe to Scanner.exe

Then run Scanner.exe (HijackThis) and post its log to here.
[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.
Advertisement
_ 		__
 
_
cyberbobx
Newbie
_ 		30. June 2006 @ 14:15 _ Link to this message    Send private message to this user   
Logfile of HijackThis v1.99.1
Scan saved at 23:14:48, on 30/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\AOL\1142108150\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
c:\program files\common files\aol\1142108150\ee\services\antiSpywareApp\ver2_0_25_1\AOLSP Scheduler.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\hkcmd.exe
c:\program files\common files\aol\1142108150\ee\aolsoftware.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\12018SC Multimedia Mouse Driver\MouseDrv.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\UltimateZip 2.7\uzqkst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\HJT\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.0.1/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142108150\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [GhostSurf Reminder] "C:\Program Files\GhostSurf 2005\Privacy Control Center.exe" reminder
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\12018SC Multimedia Mouse Driver\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Startup: Scheduler.lnk = C:\Program Files\GhostSurf 2005\Scheduler daemon.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2.7\uzqkst.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Check Local Printer.lnk = C:\Program Files\KXP6X00\Chkpnt.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Personal firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe

Thankz, Bob
[ + quote]
-_- Bob -_-
 
Page:12Next >
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > topsecuritysite infestation. please help.
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2024 by AfterDawn Ltd.

  IDG TechNetwork