Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs
#1
Hijacked Browser
This is the log from HijackThis...I have apparently picked up a hijacked browser that is interfering with my Yahoo and Hotmail...thanks for taking the time to help me out...
ogfile of HijackThis v1.99.1 Scan saved at 11:48:27 PM, on 9/29/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\PROGRA~1\ScanSoft\TEXTBR~1.0\Bin\INSTAN~1.EXE C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\TimeSink\AdGateway\TsAdBot.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Dell Support\DSAgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\ScanSoft\Pagis\Monitor.exe C:\Program Files\PhoTags Express\Photags AutoDetect.exe C:\Program 
Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\Verizon Online\bin\mpbtn.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\McAfee.com\Agent\mcagent.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\winlogon.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe C:\Program Files\MSN\MSNCoreFiles\MSN.EXE C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.buy4cheap.biz/?q= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.buy4cheap.biz/?q= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.buy4cheap.biz/?q= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sirseek.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.buy4cheap.biz/side.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.buy4cheap.biz/side.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.buy4cheap.biz/?q= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.buy4cheap.biz/?q= R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.buy4cheap.biz/?q= R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.buy4cheap.biz/?q=%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Best-Toolbar.com Powered R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll R3 - URLSearchHook: Leopard Search Toolbar - {E828EC21-EAA9-44B3-8021-EE89101C6ACD} - C:\Program Files\Leopard Search Toolbar\leopardsearch.dll R3 - 
URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: XBTB00977 Class - {C9FD0FB1-0121-4fbf-9B54-DBA85F34D743} - C:\PROGRA~1\LEOPAR~1\LEOPAR~1.DLL O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: Leopard Search Toolbar - {E828EC21-EAA9-44B3-8021-EE89101C6ACD} - C:\Program Files\Leopard Search Toolbar\leopardsearch.dll O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: (no name) - {49828F52-1BE6-4F62-996F-D5823A8A7670} - (no file) O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\ScanSoft\TEXTBR~1.0\Bin\INSTAN~1.EXE /h O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\ScanSoft\TEXTBR~1.0\Bin\REGIST~1.EXE O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe O4 - HKLM\..\Run: 
[HbTools] C:\Program Files\HbTools\Bin\4.7.1.0\HbtOEAddOn.exe O4 - HKLM\..\Run: [TimeSink Ad Client] "C:\Program Files\TimeSink\AdGateway\TsAdBot.exe" O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\ScanSoft\TEXTBR~1.0\Bin\REGIST~1.EXE O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\Go ogleToolbarNotifier.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Pagis Schedule Monitor.lnk = C:\Program Files\ScanSoft\Pagis\Monitor.exe O4 - Global Startup: Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe O8 - Extra context menu item: &Search - 
http://edits.mywebsearch.com/toolbar...uzeb004YYUS_ZB O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O13 - DefaultPrefix: http://www.buy4cheap.biz/?q= O13 - WWW Prefix: http://www.buy4cheap.biz/?url= O13 - Home Prefix: http://www.buy4cheap.biz/?url= O13 - Mosaic Prefix: http://www.buy4cheap.biz/?url= O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab40641.cab O16 - DPF: {0E0D50BC-E086-4E3A-B07D-C5C5869C0FFF} (Abx Control) - http://real.gamehouse.com/games/adventureball/abx.cab O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! 
Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10...y.cab32846.cab O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} - http://zone.msn.com/bingame/pacz/def...andaonline.cab O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://sympatico.zone.msn.com/bingam...GameLoader.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab32846.cab O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://real.gamehouse.com/games/dine...DinerDash2.cab O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! 
Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/gh...ugs/axhost.cab O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...2/cpbrkpie.cab O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames...e.cab43895.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://real.gamehouse.com/games/bewitched/launcher.cab O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/inc...ivePreQual.cab O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10...y.cab41227.cab O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/def...ebLauncher.cab O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.smileyarcade.com/online2/...h.1.0.0.80.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://real.gamehouse.com/games/zuma/popcaploader.cab O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab |
#2
continued..........
O18 - Protocol: bw+0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - 
{3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - 
{3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - 
{3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - 
{3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - 
{3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: offline-8876480 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - 
Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe |
#3
Update after running Spybot S&D please advise
I ran Spybot and was able to eliminate a few things from my log...the hijacker I am trying to get rid of has attached itself to my browser, saying Best-Toolbar.com powered; when I try to type in an address it takes me to a site, buy4cheap.biz. Please tell me which entries to eliminate..
thanks Logfile of HijackThis v1.99.1 Scan saved at 4:11:03 PM, on 9/30/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.EXE C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe c:\PROGRA~1\mcafee.com\vso\OasClnt.exe C:\WINDOWS\system32\svchost.exe c:\program files\mcafee.com\vso\mcvsshld.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\PROGRA~1\ScanSoft\TEXTBR~1.0\Bin\INSTAN~1.EXE C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Dell Support\DSAgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Kodak\KODAK Software 
Updater\7288971\Program\Kodak Software Updater.exe C:\Program Files\ScanSoft\Pagis\Monitor.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe C:\Program Files\PhoTags Express\Photags AutoDetect.exe C:\Program Files\Verizon Online\bin\mpbtn.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\MSN\MSNCoreFiles\MSN.EXE C:\Program Files\MSN Messenger\msnmsgr.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.buy4cheap.biz/?q= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.buy4cheap.biz/?q= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.buy4cheap.biz/?q= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sirseek.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.buy4cheap.biz/side.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.buy4cheap.biz/side.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.buy4cheap.biz/?q= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.buy4cheap.biz/?q= R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.buy4cheap.biz/?q= R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.buy4cheap.biz/?q=%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Best-Toolbar.com Powered R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll R3 - URLSearchHook: Leopard Search Toolbar - {E828EC21-EAA9-44B3-8021-EE89101C6ACD} - C:\Program Files\Leopard Search Toolbar\leopardsearch.dll R3 - URLSearchHook: (no name) - 
{00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: XBTB00977 Class - {C9FD0FB1-0121-4fbf-9B54-DBA85F34D743} - C:\PROGRA~1\LEOPAR~1\LEOPAR~1.DLL O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: Leopard Search Toolbar - {E828EC21-EAA9-44B3-8021-EE89101C6ACD} - C:\Program Files\Leopard Search Toolbar\leopardsearch.dll O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: (no name) - {49828F52-1BE6-4F62-996F-D5823A8A7670} - (no file) O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\ScanSoft\TEXTBR~1.0\Bin\INSTAN~1.EXE /h O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\ScanSoft\TEXTBR~1.0\Bin\REGIST~1.EXE O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe O4 - HKLM\..\Run: 
[Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\ScanSoft\TEXTBR~1.0\Bin\REGIST~1.EXE O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\Go ogleToolbarNotifier.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Pagis Schedule Monitor.lnk = C:\Program Files\ScanSoft\Pagis\Monitor.exe O4 - Global Startup: Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...uzeb004YYUS_ZB O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - 
Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O13 - Home Prefix: http://www.buy4cheap.biz/?url= O13 - Mosaic Prefix: http://www.buy4cheap.biz/?url= O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab40641.cab O16 - DPF: {0E0D50BC-E086-4E3A-B07D-C5C5869C0FFF} (Abx Control) - http://real.gamehouse.com/games/adventureball/abx.cab O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! 
Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10...y.cab32846.cab O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} - http://zone.msn.com/bingame/pacz/def...andaonline.cab O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://sympatico.zone.msn.com/bingam...GameLoader.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab32846.cab O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://real.gamehouse.com/games/dine...DinerDash2.cab O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! 
Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/gh...ugs/axhost.cab O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...2/cpbrkpie.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames...e.cab43895.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://real.gamehouse.com/games/bewitched/launcher.cab O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/inc...ivePreQual.cab O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10...y.cab41227.cab O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/def...ebLauncher.cab O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.smileyarcade.com/online2/...h.1.0.0.80.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://real.gamehouse.com/games/zuma/popcaploader.cab O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab |
#4
continued
O18 - Protocol: bw+0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - 
{3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - 
{3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - 
{3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - 
{3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - 
{3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: offline-8876480 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - 
Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe |
#5
Howdy betme,
Welcome to CTH. Looks like SpyBot removed quite a bit of infection, and some of the tougher stuff as well. Still a few showing there, and some that I'll need to check with you on before removal. You have Dell's MyWay search tools there - some (like myself) feel this is little more than a search hijacker, as it has been known in the past. Also did you choose to place those sirseek and buy4cheap search settings there as well? Let's check what else is installed, you post back on those questions and then we'll make repairs (including that Best Toolbar you have mentioned elsewhere).

Open Hijackthis. Click Config - Misc Tools - Open Uninstall Manager. A list of the entries in Add/Remove programs will appear. Click on Save List... The list will be saved as 'Uninstall_list.txt'. Copy & Paste the contents back here for review.

And Go Here and download Silent Runners to your desktop. Run it, and post back here the log it creates. If your AV queries the script, allow it to run. It's not malicious. It will create a file named Startup Programs, and will notify when the scan is complete. Copy the log from the Startup Programs file back here. You can use separate posts here if needed.
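The kind of log review described in the post above can be supported with a short script; this is an added example, not part of the original thread and not a HijackThis feature. It splits a flattened HijackThis 1.99.1 log back into entries, counts the hosts that the IE search and start-page settings point to, and lists CLSIDs registered in more than one section plus entries whose file is missing. The function names are assumptions; the sample entries are copied from the log posted earlier in the thread.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Entries copied from the HijackThis log posted above, run together on one
# line the way the forum software flattened them.
SAMPLE = " ".join([
    r"R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.buy4cheap.biz/?q=",
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway",
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sirseek.com",
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.buy4cheap.biz/side.htm",
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Best-Toolbar.com Powered",
    r"R3 - URLSearchHook: Leopard Search Toolbar - {E828EC21-EAA9-44B3-8021-EE89101C6ACD}"
    r" - C:\Program Files\Leopard Search Toolbar\leopardsearch.dll",
    r"O3 - Toolbar: Leopard Search Toolbar - {E828EC21-EAA9-44B3-8021-EE89101C6ACD}"
    r" - C:\Program Files\Leopard Search Toolbar\leopardsearch.dll",
    r"O3 - Toolbar: (no name) - {49828F52-1BE6-4F62-996F-D5823A8A7670} - (no file)",
    r"O13 - Home Prefix: http://www.buy4cheap.biz/?url=",
    r'O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F}'
    r' - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)',
])

SECTION = r"(?:[RFN]\d|O\d{1,2})"   # section codes: R0-R3, F0-F3, N1-N4, O1-O23
ENTRY_START = re.compile(r"\s+(?=" + SECTION + r" - )")
ENTRY = re.compile(r"(" + SECTION + r") - (.+)")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL = re.compile(r"https?://\S+")
URL_SECTIONS = {"R0", "R1", "O13"}  # IE start/search pages and default URL prefix
MISSING = ("(no file)", "(file missing)")


def split_entries(text):
    """Return (section, body) pairs from a log whose line breaks were lost."""
    flat = " ".join(text.split())          # also rejoins entries wrapped mid-line
    entries = []
    for chunk in ENTRY_START.split(flat):
        match = ENTRY.fullmatch(chunk)
        if match:                          # header and process list are dropped
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(text):
    """Summarise what a reviewer looks at first in the entries."""
    hosts = Counter()                      # where browser settings point
    clsid_sections = defaultdict(set)      # CLSID -> sections it appears in
    dangling = []                          # registered, but file not on disk
    for code, body in split_entries(text):
        if code in URL_SECTIONS:
            for url in URL.findall(body):
                host = urlsplit(url).hostname
                if host:
                    hosts[host] += 1
        for clsid in CLSID.findall(body):
            clsid_sections[clsid.upper()].add(code)
        if any(marker in body for marker in MISSING):
            dangling.append((code, body))
    # A CLSID seen in several sections is one component registered at several
    # IE extension points, so a clean-up has to cover every one of them.
    shared = {c: sorted(s) for c, s in clsid_sections.items() if len(s) > 1}
    return {"hosts": hosts, "shared_clsids": shared, "dangling": dangling}


if __name__ == "__main__":
    report = triage(SAMPLE)
    for host, count in report["hosts"].most_common():
        print(f"{count:2d} setting(s) -> {host}")
    for clsid, sections in report["shared_clsids"].items():
        print(f"{clsid} appears in sections {', '.join(sections)}")
    for code, body in report["dangling"]:
        print(f"missing file: {code} - {body}")
```

The host counts only show where the settings point; whether a given host was chosen by the user is still the question the helper asks in the post.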
#6
Hi Tom and thanks for getting around to me.. I already eliminated all My Way, buy 4 cheap, sirseek and Best Toolbar.. it is no longer at the top of my window.. I still cannot use Yahoo Mail's graphics and colors and Hotmail doesn't recognize that I have IE 6..
here is the list from hijack this uninstall 3D Christmas Cottage Full Screen Saver 3D Falling Leaves Full Screen Saver 3D Lake Cabin Full Screen Saver 3D Snowy Cottage Full Screen Saver 3D Spring Blossoms Full Screen Saver 3D Water Effects Full Screen Saver Adobe Acrobat - Reader 6.0.2 Update Adobe Reader 6.0.1 Adorable Pets Premium Screen Saver America Online (Choose which version to remove) Angel Haven Full Screen Saver AOL Coach Version 1.0(Build:20040229.1 en) AOL Connectivity Services Arcade Classics Collection Autumn Scenes Full Screen Saver Balloon Pop Demo Banctec Service Agreement Bettys Beer Bar Big Kahuna Reef Bonus Disk Booym Broadcom Management Programs Cake Mania Calm Before the Storm Full Screen Saver CardRd81 CCScore Chinese Checkers Christmas Countdown Premium Screen Saver CR2 Dell Digital Jukebox Driver Dell Driver Reset Tool Dell Media Experience Dell Photo Printer 720 Dell Picture Studio v3.0 Dell Support 5.0.0 (630) Digital Camera Diner Dash Diner Dash 2 DMX Update EarthLink setup files eGames Pinball (remove only) ESSBrwr ESSCDBK ESScore ESSCT ESSEMAIL ESSgui ESShelp ESSini ESSPCD ESSPDock ESSSONIC ESSTOOLS ESSTUTOR ESSvpaht ESSvpot Fish Tycoon Freeze Animations Galaxy of Games Red Collection Geo Jump Get High Speed Internet! 
Google Earth Gridiron Grudge Match N Screen Saver Halloween Screensaver Full Hammerhead Pool To Go Hardwood Solitaire III Lite Haunted House 2 Full Screen Saver High Roller HijackThis 1.99.1 HijackThis 1.99.1 HLPIndex HLPPDOCK HLPSFO Hot Air Balloons Premium Screen Saver Icatch(IV) Camera Driver Intel(R) 537EP V9x DF PCI Modem Intel(R) Extreme Graphics Driver Internet Explorer Default Page J2SE Runtime Environment 5.0 Update 6 Jasc Paint Shop Photo Album 5 Jasc Paint Shop Pro Studio, Dell Editon Java 2 Runtime Environment, SE v1.4.2_03 Jewel Jam Special Edition Kodak EasyShare software KSU Learn2 Player (Uninstall Only) Let it Snow Premium Screen Saver Lexicon LimeWire 4.10.9 Living 3D Butterflies Full Screen Saver Living 3D Dinosaurs Full Screen Saver Living 3D Dolphins Full Screen Saver Living 3D Fireplace 2.0 Premium Screen Saver Living Beaches Full Screen Saver Living Marine Aquarium 2 Full Screen Saver Living Rainforest Full Screen Saver Living Snow Globes Full Screen Saver Logitech Desktop Messenger Logitech MouseWare 9.79 Logitech Resource Center Macromedia Flash Player Macromedia Flash Player 8 Macromedia Shockwave Player McAfee Personal Firewall Plus McAfee SecurityCenter McAfee VirusScan MGI PhotoSuite III SE (Remove Only) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB886903) Microsoft Office PowerPoint Viewer 2003 Microsoft Picture It! 2000 Microsoft Picture It! Express 9 Microsoft Picture It! Library 9 Microsoft Plus! Digital Media Edition Installer Microsoft Plus! 
Photo Story 2 LE Mini Golf Master Special Edition Modem Event Monitor Modem Helper Modem On Hold Mountain Lakes Full Screen Saver MSN MSN Encarta Plus Support Files MSN Messenger 7.5 Musicmatch® Jukebox My 3D Christmas Tree Full Screen Saver Notifier OfotoXMI Old Chest OTtBP OTtBPSDK Over The Rainbow Pagis Pro 3.0 Panda ActiveScan Phlinx (remove only) Phlinx To Go PhoTags Express Photo Click Picasa 2 Playground Special Edition PowerDVD 5.3 PrimaScan 2400 U Scanner Driver PrimaScan 2400U Professor Answers Professor Teaches Access 2003 Professor Teaches Excel 2003 Professor Teaches Excel 2003 Advanced Professor Teaches FrontPage 2003 Professor Teaches FrontPage 2003 Advanced Professor Teaches Integrating Office Applications Professor Teaches Outlook 2003 Professor Teaches Outlook 2003 Advanced Professor Teaches PowerPoint 2003 Professor Teaches PowerPoint 2003 Advanced Professor Teaches Publisher 2003 Professor Teaches Windows XP Home Edition SP2 Professor Teaches Word 2003 Professor Teaches Word 2003 Advanced Pumpkin Patch Premium Screen Saver QuickBooks Simple Start Special Edition QuickTime RealArcade RealPlayer Rhapsody Player Engine Sandlot Games Client Services Santa's Workshop Premium Screen Saver Security Update for Step By Step Interactive Training (KB898458) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows XP (KB883939) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB896688) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) 
Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901190) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB903235) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB908531) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913446) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB916281) Security Update for Windows XP (KB917159) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB918899) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920214) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB925486) SFR SHASTA SKIN0001 SKINXSDK Snowy Lunch Rush Sonic DLA Sonic RecordNow! 
Sonic Update Manager Spybot - Search & Destroy 1.4 Starry Night Full Screen Saver Super Gem Drop Teddy Factory TextBridge Pro 9.0 The Print Shop Photo Pro Typing Tutor 10 Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Verizon Online Verizon Online Support Center Viewpoint Media Player VPRINTOL Whales and Dolphins Full Screen Saver Windows Genuine Advantage v1.3.0254.0 Windows Installer 3.1 (KB893803) Windows Installer 3.1 (KB893803) Windows Media Format Runtime Windows Media Player 10 Windows Media Player 10 Windows XP Hotfix - KB834707 Windows XP Hotfix - KB867282 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890047 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB890923 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893066 Windows XP Hotfix - KB893086 WIRELESS Word Connect Demo WordPerfect Office 12 Yahoo! extras Yahoo! Install Manager Yahoo! Internet Mail Yahoo! Mail Quick Select Tool (PhotoMail) Yahoo! Photos Easy Upload Tool 1v6 Yahoo! Toolbar |
#7
silent runners log
Here is the other scan log you asked for...
"Silent Runners.vbs", revision 48, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"DellSupport" = ""C:\Program Files\Dell Support\DSAgnt.exe" /startup" ["Gteko Ltd."]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMAXPnP" = "C:\Program Files\Analog Devices\Core\smax4pnp.exe" ["Analog Devices, Inc."]
"IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"IntelMeM" = "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" ["Intel Corporation"]
"DVDLauncher" = ""C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"" ["CyberLink Corp."]
"UpdateManager" = ""C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]
"MMTray" = ""C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"" ["Musicmatch, Inc."]
"VSOCheckTask" = ""C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask" ["McAfee, Inc."]
"MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["McAfee, Inc"]
"MCUpdateExe" = "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" ["McAfee, Inc"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"dla" = "C:\WINDOWS\system32\dla\tfswctrl.exe" ["Sonic Solutions"]
"DMXLauncher" = "C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [null data]
"VirusScan Online" = "C:\Program Files\McAfee.com\VSO\mcvsshld.exe" ["McAfee, Inc."]
"MPFExe" = "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" ["McAfee Security"]
"InstantAccess" = "C:\PROGRA~1\ScanSoft\TEXTBR~1.0\Bin\INSTAN~1.EXE /h" [null data]
"RegisterDropHandler" = "C:\PROGRA~1\ScanSoft\TEXTBR~1.0\Bin\REGIST~1.EXE" [empty string]
"Motive SmartBridge" = "C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe" ["Motive Communications, Inc."]
"OASClnt" = "C:\Program Files\McAfee.com\VSO\oasclnt.exe" ["McAfee, Inc."]
"Microsoft Works Update Detection" = "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" ["Microsoft® Corporation"]
"MimBoot" = "C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" ["Musicmatch, Inc."]
"Picasa Media Detector" = "C:\Program Files\Picasa2\PicasaMediaDetector.exe" ["Google Inc."]
"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
     \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Verizon Broadband Toolbar"
     \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll" [empty string]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "UberButton Class"
     \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\yiesrvc.dll" ["Yahoo!"]
{5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "DriveLetterAccess"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
{65D886A2-7CA7-479B-BB95-14D1EFB7946A}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "YahooTaggedBM Class"
     \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\YIeTagBm.dll" ["Yahoo! Inc."]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
  -> {HKLM...CLSID} = "Display Panning CPL Extension"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
  -> {HKLM...CLSID} = "Portable Media Devices"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
  -> {HKLM...CLSID} = "RecordNow! SendToExt"
     \InProcServer32\(Default) = "C:\Program Files\Sonic\RecordNow!\shlext.dll" [null data]
"{7D5C4BDD-B015-4401-8731-1507B87DE297}" = "QBVersionTool"
  -> {HKLM...CLSID} = "VersionShellExt Class"
     \InProcServer32\(Default) = "C:\Program Files\Common Files\Intuit\QuickBooks\QBVersionTool.dll" ["Intuit, Inc."]
"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"
  -> {HKLM...CLSID} = "DriveLetterAccess"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
"{7877C8E0-8B13-11D0-92C2-00AA004B256F}" = "Pagis Folder"
  -> {HKLM...CLSID} = "Pagis Folder"
     \InProcServer32\(Default) = "C:\Program Files\ScanSoft\Pagis\pgfolder.dll" [null data]
"{7877C8E1-8B13-11D0-92C2-00AA004B256F}" = "Pagis Inbox"
  -> {HKLM...CLSID} = "Pagis Inbox"
     \InProcServer32\(Default) = "C:\Program Files\ScanSoft\Pagis\pgfolder.dll" [null data]
"{7877C8E2-8B13-11D0-92C2-00AA004B256F}" = "Pagis Inbox"
  -> {HKLM...CLSID} = "Pagis Inbox"
     \InProcServer32\(Default) = "C:\Program Files\ScanSoft\Pagis\pgfolder.dll" [null data]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
  -> {HKLM...CLSID} = "YMailShellExt Class"
     \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi20041123.dll" ["Yahoo! Inc."]
"{acb4a560-3606-11d3-aef4-00104bd0f92d}" = "KodakShellExtension"
  -> {HKLM...CLSID} = "KodakShellExtension"
     \InProcServer32\(Default) = "C:\Program Files\Common Files\Kodak\ifscore\KodakShX.dll" ["Eastman Kodak Company"]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
  -> {HKLM...CLSID} = "Shell Search Band"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
     \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
  -> {HKLM...CLSID} = "History Band"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
SrchToolContextMenu\(Default) = "{4B83AF60-33CC-11CF-8562-00AA00A39D4B}"
  -> {HKLM...CLSID} = "Xerox FindExtension Context Menu"
     \InProcServer32\(Default) = "C:\Program Files\ScanSoft\Pagis\ctxmfind.dll" ["ScanSoft Inc."]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
  -> {HKLM...CLSID} = "YMailShellExt Class"
     \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi20041123.dll" ["Yahoo! Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
Pagis\(Default) = "{4B83AF6A-33CC-11CF-8562-00AA00A39D4B}"
  -> {HKLM...CLSID} = "Pagis Folder Context Menu Item"
     \InProcServer32\(Default) = "C:\Program Files\ScanSoft\Pagis\fldrcntx.dll" ["ScanSoft Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Pagis\(Default) = "{4B83AF6A-33CC-11CF-8562-00AA00A39D4B}"
  -> {HKLM...CLSID} = "Pagis Folder Context Menu Item"
     \InProcServer32\(Default) = "C:\Program Files\ScanSoft\Pagis\fldrcntx.dll" ["ScanSoft Inc."]
PhotagSearch\(Default) = "{181ED3BC-91D2-4424-B8E1-922B8F55BF56}"
  -> {HKLM...CLSID} = "Photags Search Handler Class"
     \InProcServer32\(Default) = "C:\Program Files\PhoTags Express\PWSSearchHandler.dll" [empty string]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Judy Townsend\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Startup items in "Judy Townsend" & "All Users" startup folders:
---------------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Kodak EasyShare software" -> shortcut to: "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -hx" [null data]
"Kodak software updater" -> shortcut to: "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" [null data]
"Logitech Desktop Messenger" -> shortcut to: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"]
"Pagis Schedule Monitor" -> shortcut to: "C:\Program Files\ScanSoft\Pagis\Monitor.exe" ["ScanSoft Inc."]
"Photags AutoDetect" -> shortcut to: "C:\Program Files\PhoTags Express\Photags AutoDetect.exe -startup" [empty string]
"QuickBooks Update Agent" -> shortcut to: "C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe" ["Intuit, Inc."]
"Verizon Online Support Center" -> shortcut to: "C:\Program Files\Verizon Online\bin\matcli.exe -boot" ["Motive Communications, Inc."]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
  -> {HKLM...CLSID} = "Yahoo! Toolbar"
     \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll" ["Yahoo! Inc."]
"{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}"
  -> {HKLM...CLSID} = "Verizon Broadband Toolbar"
     \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll" [empty string]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{BA52B914-B692-46C4-B683-905236F6F655}" = "McAfee VirusScan"
  -> {HKLM...CLSID} = "McAfee VirusScan"
     \InProcServer32\(Default) = "c:\progra~1\mcafee.com\vso\mcvsshl.dll" ["McAfee, Inc."]
"{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}" = (no title provided)
  -> {HKLM...CLSID} = "Verizon Broadband Toolbar"
     \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll" [empty string]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
  -> {HKLM...CLSID} = "Yahoo! Toolbar"
     \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll" ["Yahoo! Inc."]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{21569614-B795-46B1-85F4-E737A8DC09AD}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Shell Search Band"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "&Yahoo! Messenger"
     \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "&Yahoo! Messenger"
     \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll" ["Yahoo! Inc."]
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Real.com"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\
"ButtonText" = "Yahoo! Services"
"CLSIDExtension" = "{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}"
  -> {HKLM...CLSID} = "UberButton Class"
     \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\yiesrvc.dll" ["Yahoo!"]

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Internet Explorer Address Prefixes:
-----------------------------------

Prefix for specific service (i.e., "www")

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\
HIJACK WARNING! "?" = "http://www.buy4cheap.biz/?q="
HIJACK WARNING! "/" = "http://www.buy4cheap.biz/?q="
HIJACK WARNING! "." = "http://www.buy4cheap.biz/?q="
HIJACK WARNING! " " = "http://www.buy4cheap.biz/?q="

Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Missing lines (compared with English-language version):
[Strings]: 1 line

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
HIJACK WARNING! "MGINavigationCanceled" = (empty string)
HIJACK WARNING! "MGIWelcome" = (empty string)
HIJACK WARNING! "MGIOfflineInformation" = (empty string)

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AOL Connectivity Service, AOL ACS, "C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe" ["America Online, Inc."]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
McAfee Personal Firewall Service, MpfService, "C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe" ["McAfee Corporation"]
McAfee Task Scheduler, McTskshd.exe, "c:\PROGRA~1\mcafee.com\agent\mctskshd.exe" ["McAfee, Inc"]
McAfee WSC Integration, McDetect.exe, "c:\program files\mcafee.com\agent\mcdetect.exe" ["McAfee, Inc"]
McAfee.com McShield, McShield, "c:\PROGRA~1\mcafee.com\vso\mcshield.exe" ["McAfee Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Dell Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box.
----------
(total run time: 73 seconds, including 18 seconds for message boxes)
#8
Tough list of items there. So many look like the free, real exciting or fascinating games and screensavers. Almost guaranteed to have some adware related issues involved. Living Marine Aquarium - if it says Freeze.com, that is what folks should do before downloading it. Freeze. I have seen many times that name associated with adware downloads. I would suggest from that list anything you did not purchase, uninstall through Add/remove. Then start anew downloading but with caution.
As there was infection showing before and you have made some changes I haven't seen yet, let's apply a good scan and after we can clean up what remains. Hopefully provide improvement to your problems as well.

Download the trial version of AVG Anti-Spyware 7.5 from here and install it. If you have an existing copy of Ewido (which this software replaces), agree to the uninstall notification and uninstall Ewido. Reboot after. Then click the AVG download file again to install the software. (If you have a paid version of Ewido installed, go here to follow the steps to upgrade that now.)

After installation, double-click the icon on your Desktop to launch AVG Anti-Spyware 7.5.
On the top of the main screen click Shield. Then click the word active to change it to inactive.
You will need to also update AVG Anti-Spyware 7.5 to the latest definition files. On the top of the main screen click Update. Then click on Start Update. The update will start and a progress bar will show the updates being installed.
Now close AVG Anti-Spyware 7.5 (don't scan just yet).

-------------------------------------------------

Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode).
Make sure all windows are closed and run AVG Anti-Spyware 7.5.
Click Scanner, then click on the Scan tab. Click Complete System Scan to begin scanning.
When the scan is complete click Recommended Action and change it to Quarantine. Then click Apply all actions.
Once the scan has finished, click the Save report button, then click Save Report As. This will create a text file. Make sure you know where to find this file again.

Reboot after, and post back here the AVG log, as well as a new HijackThis and Silent Runners please.
#9
Hi Tom.. The majority of the screensavers were all downloaded while we had a subscription and the games are mostly disk loaded or purchased.. I uninstalled some of them that I knew were probably freebies..
Here are the logs you wanted... thanks..

AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 3:17:08 PM 10/3/2006
+ Scan result:

C:\Program Files\180search Assistant -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\SearchAssistant5\180SAInstaller.exe/ClientAX.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\HijackThis\backups\backup-20060930-183622-831.dll -> Adware.Coupons : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP465\A0065424.ocx -> Adware.Coupons : Cleaned with backup (quarantined).
HKU\S-1-5-21-148887334-2608779621-2782552566-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9FD0FB1-0121-4FBF-9B54-DBA85F34D743} -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP464\A0065290.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP464\A0065292.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP464\A0065294.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP465\A0065478.DLL -> Adware.IWon : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Verizon Online\SFP\vzbb.dll -> Adware.MegaSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP465\A0065460.EXE -> Adware.MyWebSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP465\A0065484.EXE -> Adware.MyWebSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0064921.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0064922.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP464\A0065297.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP464\A0065298.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP464\A0065315.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP465\A0065581.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP465\A0065582.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP465\A0065583.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-21-148887334-2608779621-2782552566-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Save -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP402\A0054053.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP464\A0065299.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP465\A0065575.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP465\A0065453.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Sandlot Shared\slghex.dll -> Adware.SpywareStorm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP464\A0065289.dll -> Adware.TimeSink : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP464\A0065301.exe -> Adware.TimeSink : Cleaned with backup (quarantined).
C:\Documents and Settings\Judy Townsend\My Documents\pinballSetup-dm.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP465\A0065466.DLL -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP407\A0056433.exe -> Dropper.Agent.zc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP443\A0061630.exe -> Dropper.Agent.zc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP462\A0065132.exe -> Dropper.Agent.zc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP465\A0065576.exe -> Dropper.Agent.zc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP465\A0065579.exe -> Dropper.Agent.zc : Cleaned with backup (quarantined).
C:\Documents and Settings\Judy Townsend\Cookies\judy townsend@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Judy\Cookies\judy@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Judy Townsend\Cookies\judy townsend@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
#10
continued AVG Log
#11
New HijackThis Log
Logfile of HijackThis v1.99.1
Scan saved at 3:39:16 PM, on 10/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\ScanSoft\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\ScanSoft\Pagis\Monitor.exe
C:\Program Files\PhoTags Express\Photags AutoDetect.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\ScanSoft\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\ScanSoft\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\ScanSoft\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\Go ogleToolbarNotifier.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Pagis Schedule Monitor.lnk = C:\Program Files\ScanSoft\Pagis\Monitor.exe
O4 - Global Startup: Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab40641.cab
O16 - DPF: {0E0D50BC-E086-4E3A-B07D-C5C5869C0FFF} (Abx Control) - http://real.gamehouse.com/games/adventureball/abx.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10...y.cab32846.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} - http://zone.msn.com/bingame/pacz/def...andaonline.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://sympatico.zone.msn.com/bingam...GameLoader.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab32846.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://real.gamehouse.com/games/dine...DinerDash2.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/gh...ugs/axhost.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames...e.cab43895.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/inc...ivePreQual.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10...y.cab41227.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/def...ebLauncher.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.smileyarcade.com/online2/...h.1.0.0.80.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://real.gamehouse.com/games/zuma/popcaploader.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: bw+0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
#12
part 2 HijackThis Log..
O18 - Protocol: bwh0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {3A6CBC4D-90B6-4D7A-B5CD-ECA6D4B83008} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
#13
new silent runners log
Silent Runners.vbs", revision 48, http://www.silentrunners.org/
Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ {++} "DellSupport" = ""C:\Program Files\Dell Support\DSAgnt.exe" /startup" ["Gteko Ltd."] "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "swg" = "C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\Go ogleToolbarNotifier.exe" [file not found] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ {++} "SoundMAXPnP" = "C:\Program Files\Analog Devices\Core\smax4pnp.exe" ["Analog Devices, Inc."] "IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"] "HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"] "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."] "IntelMeM" = "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" ["Intel Corporation"] "DVDLauncher" = ""C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"" ["CyberLink Corp."] "UpdateManager" = ""C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"] "MMTray" = ""C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"" ["Musicmatch, Inc."] "VSOCheckTask" = ""C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask" ["McAfee, Inc."] "MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["McAfee, Inc"] "MCUpdateExe" = "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" ["McAfee, Inc"] "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."] "dla" = "C:\WINDOWS\system32\dla\tfswctrl.exe" ["Sonic Solutions"] "DMXLauncher" = "C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [null data] "VirusScan Online" = "C:\Program Files\McAfee.com\VSO\mcvsshld.exe" ["McAfee, Inc."] "MPFExe" = "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" ["McAfee Security"] "InstantAccess" = "C:\PROGRA~1\ScanSoft\TEXTBR~1.0\Bin\INSTAN~1. 
EXE /h" [null data] "RegisterDropHandler" = "C:\PROGRA~1\ScanSoft\TEXTBR~1.0\Bin\REGIST~1. EXE" [empty string] "Motive SmartBridge" = "C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe" ["Motive Communications, Inc."] "OASClnt" = "C:\Program Files\McAfee.com\VSO\oasclnt.exe" ["McAfee, Inc."] "Microsoft Works Update Detection" = "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" ["Microsoft® Corporation"] "MimBoot" = "C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" ["Musicmatch, Inc."] "Picasa Media Detector" = "C:\Program Files\Picasa2\PicasaMediaDetector.exe" ["Google Inc."] "Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."] "TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."] "!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."] HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}\(Default) = (no title provided) -> {HKLM...CLSID} = "Verizon Broadband Toolbar" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll" [file not found] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\(Default) = (no title provided) -> {HKLM...CLSID} = "UberButton Class" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\yiesrvc.dll" ["Yahoo!"] {5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = (no title provided) -> {HKLM...CLSID} = "DriveLetterAccess" \InProcServer32\(Default) = 
"C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"] {65D886A2-7CA7-479B-BB95-14D1EFB7946A}\(Default) = (no title provided) -> {HKLM...CLSID} = "YahooTaggedBM Class" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\YIeTagBm.dll" ["Yahoo! Inc."] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension" -> {HKLM...CLSID} = "Display Panning CPL Extension" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {HKLM...CLSID} = "Portable Media Devices" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt" -> {HKLM...CLSID} = "RecordNow! 
SendToExt" \InProcServer32\(Default) = "C:\Program Files\Sonic\RecordNow!\shlext.dll" [null data] "{7D5C4BDD-B015-4401-8731-1507B87DE297}" = "QBVersionTool" -> {HKLM...CLSID} = "VersionShellExt Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Intuit\QuickBooks\QBVersionTool.dll" ["Intuit, Inc."] "{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess" -> {HKLM...CLSID} = "DriveLetterAccess" \InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"] "{7877C8E0-8B13-11D0-92C2-00AA004B256F}" = "Pagis Folder" -> {HKLM...CLSID} = "Pagis Folder" \InProcServer32\(Default) = "C:\Program Files\ScanSoft\Pagis\pgfolder.dll" [null data] "{7877C8E1-8B13-11D0-92C2-00AA004B256F}" = "Pagis Inbox" -> {HKLM...CLSID} = "Pagis Inbox" \InProcServer32\(Default) = "C:\Program Files\ScanSoft\Pagis\pgfolder.dll" [null data] "{7877C8E2-8B13-11D0-92C2-00AA004B256F}" = "Pagis Inbox" -> {HKLM...CLSID} = "Pagis Inbox" \InProcServer32\(Default) = "C:\Program Files\ScanSoft\Pagis\pgfolder.dll" [null data] "{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail" -> {HKLM...CLSID} = "YMailShellExt Class" \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi20041123.dll" ["Yahoo! 
Inc."] "{acb4a560-3606-11d3-aef4-00104bd0f92d}" = "KodakShellExtension" -> {HKLM...CLSID} = "KodakShellExtension" \InProcServer32\(Default) = "C:\Program Files\Common Files\Kodak\ifscore\KodakShX.dll" ["Eastman Kodak Company"] "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band" -> {HKLM...CLSID} = "Shell Search Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band" -> {HKLM...CLSID} = "History Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks\ INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5" -> {HKLM...CLSID} = "CShellExecuteHookImpl Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"] HKLM\Software\Classes\*\shellex\ContextMenuHandler s\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."] SrchToolContextMenu\(Default) = "{4B83AF60-33CC-11CF-8562-00AA00A39D4B}" -> {HKLM...CLSID} = "Xerox FindExtension Context Menu" \InProcServer32\(Default) = "C:\Program Files\ScanSoft\Pagis\ctxmfind.dll" ["ScanSoft Inc."] Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}" -> {HKLM...CLSID} = "YMailShellExt Class" \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi20041123.dll" ["Yahoo! 
Inc."] HKLM\Software\Classes\Directory\shellex\ContextMen uHandlers\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."] Pagis\(Default) = "{4B83AF6A-33CC-11CF-8562-00AA00A39D4B}" -> {HKLM...CLSID} = "Pagis Folder Context Menu Item" \InProcServer32\(Default) = "C:\Program Files\ScanSoft\Pagis\fldrcntx.dll" ["ScanSoft Inc."] HKLM\Software\Classes\Folder\shellex\ContextMenuHa ndlers\ Pagis\(Default) = "{4B83AF6A-33CC-11CF-8562-00AA00A39D4B}" -> {HKLM...CLSID} = "Pagis Folder Context Menu Item" \InProcServer32\(Default) = "C:\Program Files\ScanSoft\Pagis\fldrcntx.dll" ["ScanSoft Inc."] PhotagSearch\(Default) = "{181ED3BC-91D2-4424-B8E1-922B8F55BF56}" -> {HKLM...CLSID} = "Photags Search Handler Class" \InProcServer32\(Default) = "C:\Program Files\PhoTags Express\PWSSearchHandler.dll" [empty string] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Judy Townsend\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Startup items in "Judy Townsend" & "All Users" startup folders: --------------------------------------------------------------- C:\Documents and Settings\All Users\Start Menu\Programs\Startup "Kodak EasyShare software" -> shortcut to: "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -hx" [null data] "Kodak software updater" -> shortcut to: "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" [null data] "Logitech Desktop Messenger" -> shortcut to: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"] "Pagis Schedule Monitor" -> shortcut to: "C:\Program Files\ScanSoft\Pagis\Monitor.exe" ["ScanSoft 
Inc."] "Photags AutoDetect" -> shortcut to: "C:\Program Files\PhoTags Express\Photags AutoDetect.exe -startup" [empty string] "QuickBooks Update Agent" -> shortcut to: "C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe" ["Intuit, Inc."] "Verizon Online Support Center" -> shortcut to: "C:\Program Files\Verizon Online\bin\matcli.exe -boot" ["Motive Communications, Inc."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" -> {HKLM...CLSID} = "Yahoo! Toolbar" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll" ["Yahoo! 
Inc."] "{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}" -> {HKLM...CLSID} = "Verizon Broadband Toolbar" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll" [file not found] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{BA52B914-B692-46C4-B683-905236F6F655}" = "McAfee VirusScan" -> {HKLM...CLSID} = "McAfee VirusScan" \InProcServer32\(Default) = "c:\progra~1\mcafee.com\vso\mcvsshl.dll" ["McAfee, Inc."] "{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}" = (no title provided) -> {HKLM...CLSID} = "Verizon Broadband Toolbar" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll" [file not found] "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided) -> {HKLM...CLSID} = "Yahoo! Toolbar" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll" ["Yahoo! Inc."] Explorer Bars HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\ {21569614-B795-46B1-85F4-E737A8DC09AD}\(Default) = (no title provided) -> {HKLM...CLSID} = "Shell Search Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] {4528BBE0-4E08-11D5-AD55-00010333D0AD}\(Default) = (no title provided) -> {HKLM...CLSID} = "&Yahoo! Messenger" \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll" ["Yahoo! Inc."] HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {4528BBE0-4E08-11D5-AD55-00010333D0AD}\(Default) = (no title provided) -> {HKLM...CLSID} = "&Yahoo! Messenger" \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll" ["Yahoo! 
Inc."] {FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided) -> {HKLM...CLSID} = "Real.com" \InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\ "ButtonText" = "Yahoo! Services" "CLSIDExtension" = "{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" -> {HKLM...CLSID} = "UberButton Class" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\yiesrvc.dll" ["Yahoo!"] {CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\ "ButtonText" = "Real.com" {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Internet Explorer Address Prefixes: ----------------------------------- Prefix for specific service (i.e., "www") HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL \Prefixes\ HIJACK WARNING! "?" = "http://www.buy4cheap.biz/?q=" HIJACK WARNING! "/" = "http://www.buy4cheap.biz/?q=" HIJACK WARNING! "." = "http://www.buy4cheap.biz/?q=" HIJACK WARNING! " " = "http://www.buy4cheap.biz/?q=" Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version): [Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Missing lines (compared with English-language version): [Strings]: 1 line HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ HIJACK WARNING! 
"MGINavigationCanceled" = (empty string) HIJACK WARNING! "MGIWelcome" = (empty string) HIJACK WARNING! "MGIOfflineInformation" = (empty string) Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AOL Connectivity Service, AOL ACS, "C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe" ["America Online, Inc."] AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."] LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."] McAfee Personal Firewall Service, MpfService, "C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.ex e" ["McAfee Corporation"] McAfee Task Scheduler, McTskshd.exe, "c:\PROGRA~1\mcafee.com\agent\mctskshd.exe" ["McAfee, Inc"] McAfee WSC Integration, McDetect.exe, "c:\program files\mcafee.com\agent\mcdetect.exe" ["McAfee, Inc"] McAfee.com McShield, McShield, "c:\PROGRA~1\mcafee.com\vso\mcshield.exe" ["McAfee Inc."] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monito rs\ Dell Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."] Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 294 seconds. + The search for all Registry CLSIDs containing dormant Explorer Bars took 33 seconds. ---------- (total run time: 573 seconds) |
#14
The AVG looks to have picked up what was left, but the cleaning you already did was enough to clear things up there. Just some remnant items to correct and then clear infection out of that System Restore left to do.
Close Internet Explorer and all open windows and run a scan in HijackThis. Place a check next to all of the following lines, then select “Fix Checked” and close HijackThis.

O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"?"=-
"/"=-
"."=-
" "=-

After the reboot, right-click My Computer and select Properties. Click the System Restore tab in the window that appears, and check the box that says "Turn off System Restore on all drives" and click Apply. You will be asked if you are sure, click Yes. This will delete the restore points. Then click OK in the Properties window and reboot your computer.

When your desktop appears, right-click My Computer and select Properties once more. Uncheck the "Turn off System Restore..." box and click Apply. OK. Your System Restore should now be renewed and clean.
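One way to check an exported copy of the URL\Prefixes key for the kind of entries removed above, as an added example that is not part of the original post. The sample export is constructed, the scheme-only values in it are assumed stock entries, and the function names are hypothetical.

```python
import re

# Constructed sample: a REGEDIT4 export of the URL\Prefixes key. The four
# punctuation-named values mirror the entries reported in the thread; the
# scheme-only values are assumed stock entries, not taken from the page.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"
"?"="http://www.buy4cheap.biz/?q="
"/"="http://www.buy4cheap.biz/?q="
"."="http://www.buy4cheap.biz/?q="
" "="http://www.buy4cheap.biz/?q="
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "name"="data" with backslash escapes, as regedit writes REG_SZ values.
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')
# A legitimate prefix expands to a bare scheme and nothing else.
SCHEME_ONLY = re.compile(r'^[a-z][a-z0-9+.-]*://$', re.IGNORECASE)


def _unescape(text):
    return re.sub(r'\\(.)', r'\1', text)


def parse_reg(text):
    """Return {key_path: {value_name: data}} for the string values in an export."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = KEY_RE.match(line)
        if match:
            current = keys.setdefault(match.group('key'), {})
            continue
        match = VALUE_RE.match(line)
        if match and current is not None:
            current[_unescape(match.group('name'))] = _unescape(match.group('data'))
    return keys


def audit(text):
    """Return [(key, {name: data})] for URL\\Prefixes values that carry a host or path."""
    findings = []
    for key, values in parse_reg(text).items():
        if not key.lower().endswith('\\url\\prefixes'):
            continue
        flagged = {n: d for n, d in values.items() if not SCHEME_ONLY.match(d)}
        if flagged:
            findings.append((key, flagged))
    return findings


def build_fix(key, names):
    """Build a REGEDIT4 file that deletes only the flagged values ("name"=-)."""
    def esc(text):
        return text.replace('\\', '\\\\').replace('"', '\\"')
    lines = ['REGEDIT4', '', '[%s]' % key]
    lines += ['"%s"=-' % esc(name) for name in names]
    return '\r\n'.join(lines) + '\r\n'


if __name__ == '__main__':
    for key, flagged in audit(SAMPLE_EXPORT):
        for name, data in flagged.items():
            print('suspicious prefix %r -> %s' % (name, data))
        print(build_fix(key, flagged))
```

The generated file leaves the scheme-only values in place, so importing it removes only the flagged entries.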
#15
Ok Tom...I did all of the above...anything else...am I supposed to do a system restore now?