Smitfraud-C.Toolbar888



Mutaher
2007-05-07, 19:27
Hey,

I needed help to remove this smitfraud from my computer.

Here is my log (had to do 2 pages because it had 2000+ letters):


Logfile of HijackThis v1.99.1
Scan saved at 18:21:12, on 07/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Mama\Desktop\hijackthis\HijackThis.exe

Mutaher
2007-05-07, 19:27
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Runescape.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6418E868-1DCB-4225-ACAF-30ABB940A2EB} - C:\WINDOWS\system32\byxvtst.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\Dealio.dll
O2 - BHO: (no name) - {6DB38642-A70F-4C98-B82F-80D80E29E1E0} - C:\WINDOWS\system32\khfcbyy.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8054C3E5-0154-4BBD-A89B-C581F098BD86} - C:\WINDOWS\system32\qkjfqkhy.dll (file missing)
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\mlcbtejb.dll
O2 - BHO: (no name) - {F83AAAC1-9398-4880-B8A9-3332193C8304} - C:\WINDOWS\system32\pmkji.dll (file missing)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\Dealio.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [au] "C:\Program Files\Dealio\DealioAu.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\bxlmhrvo.dll",realset
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [STManager] C:/Program Files/SpeedTouch/Dr SpeedTouch/drst.exe -b
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Startup: TomTom HOME.lnk = C:\Program Files\TomTom HOME\TomTomHOME.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
O4 - Global Startup: Phone Connection Monitor.lnk = C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mutaher-da-1-u-al-kno.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A81FE8CA-C0B2-456B-AB06-1E47192A6C63}: NameServer = 194.106.56.6 194.106.33.42
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB32513C-F2C0-4483-8845-1D513237B1E1}: NameServer = 212.50.160.28,194.106.33.42
O18 - Protocol: bw+0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: byxvtst - C:\WINDOWS\SYSTEM32\byxvtst.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Mutaher
2007-05-08, 00:59
Can someone help me please...I need my PC repaired fast..my exams are in less than 1 week...and all this crazy stuff this virus is doing is preventing me from studying...please some help...:banghead:

tashi
2007-05-08, 02:40
Hello.

Looks like you missed our sticky topics, "BEFORE you POST" (http://forums.spybot.info/showthread.php?t=288)... bumping delays assistance as helpers look for zero response.

We already removed a post in another member's topic and a second thread. :p:

Your thread was started today and we have many people waiting for advice, :sad: which is why we have this sticky: If you have waited FOUR days for advice post here. (http://forums.spybot.info/showthread.php?p=4836#post4836)

If you will need to go to another forum because your situation is under pressure, which we do understand, please let us know. :)

Thanks.

Mutaher
2007-05-08, 17:25
hmmm...What do you mean by another forum?:sad:

shelf life
2007-05-12, 01:41
hi Mutaher,

do this. need two downloads, vundofix and smitfraudFix.
------------------------------
download and run vundofix.exe:

http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.
* Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
----------------------------------
download smitfraudFix to your desktop:

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter

it will scan your computer, looking for certain files.
when done it will create a log named: rapport.txt on your C: drive
------------------------------------
please post the vundo log, the smitfraud log and a new hjt log please.

shelf life

Mutaher
2007-05-12, 13:39
Just wanted to ask one question before I make this move. When you say that Vundo will prompt me to reboot my computer and I click yes, does this actually mean my computer will be rebooted?:scratch:

shelf life
2007-05-12, 15:35
it's possible that it may or may not reboot. if you click yes and it doesn't reboot, then I would restart it myself.

Mutaher
2007-05-12, 19:30
SmitFraudFix v2.181

Scan done at 18:29:10.28, 12/05/2007
Run from C:\Documents and Settings\Mama\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\WINDOWS\system32\PSIService.exe
c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mama


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mama\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Mama\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://65.54.162.250/cgi-bin/getmsg/images.jpg?&msg=11E20470-34ED-4F4E-9C24-160C6AE00873&start=0&len=6650&mimepart=3&curmbox=00000000-0000-0000-0000-000000000001&b=9f3e256a46863f4aa46c7ec53119fafb&disk=10.1.106.206_d1682&login=nadeemys&domain=hotmail%2ecom&hm___sig=b2deffee01c6760f89ca92ef9f7d2fc5a4c88666a1812944"
"SubscribedURL"="http://65.54.162.250/cgi-bin/getmsg/images.jpg?&msg=11E20470-34ED-4F4E-9C24-160C6AE00873&start=0&len=6650&mimepart=3&curmbox=00000000-0000-0000-0000-000000000001&b=9f3e256a46863f4aa46c7ec53119fafb&disk=10.1.106.206_d1682&login=nadeemys&domain=hotmail%2ecom&hm___sig=b2deffee01c6760f89ca92ef9f7d2fc5a4c88666a1812944"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 194.106.56.6
DNS Server Search Order: 194.106.33.42

Description: ULi PCI Fast Ethernet Controller - Packet Scheduler Miniport
DNS Server Search Order: 212.50.160.28
DNS Server Search Order: 194.106.33.42

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A81FE8CA-C0B2-456B-AB06-1E47192A6C63}: NameServer=194.106.56.6 194.106.33.42
HKLM\SYSTEM\CCS\Services\Tcpip\..\{AB32513C-F2C0-4483-8845-1D513237B1E1}: NameServer=212.50.160.28,194.106.33.42
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A81FE8CA-C0B2-456B-AB06-1E47192A6C63}: NameServer=194.106.56.6 194.106.33.42
HKLM\SYSTEM\CS1\Services\Tcpip\..\{AB32513C-F2C0-4483-8845-1D513237B1E1}: NameServer=212.50.160.28,194.106.33.42
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A81FE8CA-C0B2-456B-AB06-1E47192A6C63}: NameServer=194.106.56.6 194.106.33.42
HKLM\SYSTEM\CS3\Services\Tcpip\..\{AB32513C-F2C0-4483-8845-1D513237B1E1}: NameServer=212.50.160.28,194.106.33.42


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Mutaher
2007-05-12, 19:31
Logfile of HijackThis v1.99.1
Scan saved at 18:30:28, on 12/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\WINDOWS\system32\PSIService.exe
c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mama\Desktop\hijackthis\HijackThis.exe

Mutaher
2007-05-12, 19:32
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Runescape.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6418E868-1DCB-4225-ACAF-30ABB940A2EB} - C:\WINDOWS\system32\byxvtst.dll (file missing)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8054C3E5-0154-4BBD-A89B-C581F098BD86} - C:\WINDOWS\system32\qkjfqkhy.dll (file missing)
O2 - BHO: (no name) - {F83AAAC1-9398-4880-B8A9-3332193C8304} - C:\WINDOWS\system32\pmkji.dll (file missing)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\Dealio.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [au] "C:\Program Files\Dealio\DealioAu.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\bxlmhrvo.dll",realset
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [STManager] C:/Program Files/SpeedTouch/Dr SpeedTouch/drst.exe -b
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Startup: TomTom HOME.lnk = C:\Program Files\TomTom HOME\TomTomHOME.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
O4 - Global Startup: Phone Connection Monitor.lnk = C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mutaher-da-1-u-al-kno.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A81FE8CA-C0B2-456B-AB06-1E47192A6C63}: NameServer = 194.106.56.6 194.106.33.42
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB32513C-F2C0-4483-8845-1D513237B1E1}: NameServer = 212.50.160.28,194.106.33.42
O18 - Protocol: bw+0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

shelf life
2007-05-13, 01:07
hi Mutaher,

good. i got your pm. log doesn't look that bad.
if you want you can look in add/remove programs panel and uninstall:

Desktop Messenger

all it does is check for updates to logitech products. how many updates can a mouse have??? what kind of BS is that?????

are things any better on that end now after the vundofix?

shelf life

Mutaher
2007-05-13, 03:25
hi shelf life,

I have removed Desktop Messenger as well. I'm afraid the smitfraud isn't gone yet. Is there more?

shelf life
2007-05-13, 19:19
hi Mutaher,

could you scan with vundofix again and this time post the report it generates.
also another download to get and run, combofix.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
-------------------
please post: a new hjt log, the vundo log and the combofix log

shelf life

EDIT:
that toolbar you have: Dealio
while it may not be malware, toolbars are very suspect, leave it for now. we can come back to it later.

Mutaher
2007-05-15, 20:18
hi shelf life,

The vundofix scan did not fight any problems.. I'm confused...

shelf life
2007-05-15, 22:58
hi Mutaher,

ok. can you post the vundo log and a new hjt log. did you download and run combofix yet?

shelf life

Mutaher
2007-05-16, 00:01
"Mama" - 2007-05-15 22:57:18 Service Pack 2
ComboFix 07-05.13.V - Running from: "C:\Documents and Settings\Mama\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bxlmhrvo.dll
C:\WINDOWS\system32\ovrhmlxb.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\NDNuninstall6_98.exe
C:\WINDOWS\NDNuninstall7_14.exe
C:\install.log


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-15 ))))))))))))))))))))))))))))))))))


2007-05-15 19:10 <DIR> d-------- C:\Program Files\Intuwave Ltd
2007-05-15 00:46 <DIR> d-------- C:\OUTPUT
2007-05-15 00:46 <DIR> d-------- C:\My Media
2007-05-15 00:46 <DIR> d-------- C:\My Downloads
2007-05-15 00:46 <DIR> d-------- C:\MPLAYER
2007-05-15 00:45 <DIR> d--h----- C:\CanoScan
2007-05-15 00:45 <DIR> d-------- C:\Mattel Interactive
2007-05-15 00:45 <DIR> d-------- C:\Downloads
2007-05-15 00:45 <DIR> d-------- C:\DATOS
2007-05-13 00:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-05-13 00:26 <DIR> d-------- C:\Program Files\Bonjour
2007-05-13 00:19 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-05-12 19:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-05-12 18:29 2,964 --a------ C:\WINDOWS\system32\tmp.reg
2007-05-12 18:28 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-05-12 18:28 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-05-12 18:28 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-05-12 18:08 <DIR> d-------- C:\VundoFix Backups
2007-05-07 15:06 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-05-07 15:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZILLAbar
2007-05-07 15:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\STOPzilla!
2007-05-07 14:18 897,382 ---hs---- C:\WINDOWS\system32\ijkmp.bak2
2007-05-04 22:40 871,656 --a------ C:\WINDOWS\dbplugin.exe
2007-05-04 22:40 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll
2007-05-04 22:40 249,904 --a------ C:\WINDOWS\system32\dbxDgrevCheck.dll
2007-05-04 22:40 163,920 --a------ C:\WINDOWS\system32\DNLEng.dll
2007-05-04 22:40 143,360 --a------ C:\WINDOWS\PICN1120.dll
2007-05-04 22:40 143,360 --a------ C:\WINDOWS\picn1020.dll
2007-05-04 22:40 <DIR> d-------- C:\WINDOWS\system32\DNAML
2007-04-29 13:18 <DIR> d-------- C:\DOCUME~1\Mama\APPLIC~1\teamspeak2
2007-04-29 13:17 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2007-04-21 01:02 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-04-21 01:02 <DIR> d-------- C:\DOCUME~1\Mama\harmony
2007-04-16 00:34 <DIR> d-------- C:\Program Files\Common Files\Xuisoft


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-15 20:31:08 -------- d-----w C:\Program Files\SwiftSwitch
2007-05-15 18:11:14 -------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-05-15 18:10:38 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-12 18:19:15 -------- d-----w C:\Program Files\Yahoo!
2007-05-04 21:40:52 6,597 ----a-w C:\WINDOWS\mozver.dat
2007-05-04 00:11:21 -------- d-----w C:\Program Files\BearShare
2007-05-03 16:04:48 -------- d-----w C:\Program Files\Codemasters
2007-04-21 22:14:26 -------- d-----w C:\DOCUME~1\Mama\APPLIC~1\Netscape
2007-04-14 12:35:32 -------- d-----w C:\Program Files\Rm To AVI VCD SVCD DVD MPEG Converter
2007-04-14 12:35:18 -------- d-----w C:\Program Files\RM to MP3 Converter
2007-04-14 12:33:14 -------- d-----w C:\Program Files\Boilsoft MOV Converter
2007-04-14 12:07:53 -------- d-----w C:\Program Files\BitTorrent
2007-04-14 12:06:05 -------- d-----w C:\DOCUME~1\Mama\APPLIC~1\Corel
2007-04-14 12:06:00 -------- d-----w C:\Program Files\Corel
2007-04-14 11:59:46 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-04-14 11:31:55 88 --sh--r C:\WINDOWS\system32\01EE8B9371.sys
2007-04-05 10:44:25 -------- d-----w C:\Program Files\World of Warcraft
2007-04-05 00:28:38 -------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-04-02 11:55:26 -------- d-----w C:\Program Files\WoW-2.0.0-enUS-Installer
2007-03-31 16:35:02 -------- d-----w C:\Program Files\HyCam2
2007-03-25 08:24:41 -------- d-----w C:\Program Files\Web Page Maker V2
2007-03-23 21:44:00 120 ----a-w C:\drmHeader.bin
2007-03-21 19:54:16 77,312 ----a-w C:\WINDOWS\system32\TWAIN_32.DLL
2007-03-21 19:54:16 69,632 ----a-w C:\WINDOWS\system32\TWUNK_32.EXE
2007-03-21 19:54:16 48,560 ----a-w C:\WINDOWS\system32\TWUNK_16.EXE
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-16 19:23:40 -------- d-----w C:\Program Files\MSN Messenger
2007-03-15 11:23:16 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll
2007-03-15 11:19:58 526,184 ----a-w C:\WINDOWS\system32\XceedCry.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-07 12:50:49 -------- d-----w C:\Program Files\Conquer 2.0
2007-03-04 02:12:30 982,544 ----a-w C:\WINDOWS\BBC Online Space.dat
2007-03-04 02:12:30 28,672 ----a-w C:\WINDOWS\system32\ssconfig.exe
2007-03-04 02:12:29 466,944 ----a-w C:\WINDOWS\BBC Online Space.scr
2007-03-04 02:12:29 180,224 ----a-w C:\WINDOWS\UninstallWSST.exe
2007-03-01 08:48:56 2 ----a-w C:\WINDOWS\system32\vrecorder.dll
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 20:38]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{8054C3E5-0154-4BBD-A89B-C581F098BD86}=C:\WINDOWS\system32\qkjfqkhy.dll []
{F83AAAC1-9398-4880-B8A9-3332193C8304}=C:\WINDOWS\system32\pmkji.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"SoundMan"="SOUNDMAN.EXE"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"Zone Labs Client"="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"BearShare"="\"C:\\Program Files\\BearShare\\BearShare.exe\" /pause"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-21 17:41]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"SoundMan"="SOUNDMAN.EXE" [])
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 C:\WINDOWS\system32\bthprops.cpl])
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-03-16 11:34]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-01 12:57]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 03:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 14:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22]
"STManager"="C:/Program Files/SpeedTouch/Dr SpeedTouch/drst.exe" [2003-10-16 13:25 C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe])

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"STManager"="C:/Program Files/SpeedTouch/Dr SpeedTouch/drst.exe -b"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater]
@=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://65.54.162.250/cgi-bin/getmsg/images.jpg?&msg=11E20470-34ED-4F4E-9C24-160C6AE00873&start=0&len=6650&mimepart=3&curmbox=00000000-0000-0000-0000-000000000001&b=9f3e256a46863f4aa46c7ec53119fafb&disk=10.1.106.206_d1682&login=nadeemys&domain=hotmail%2ecom&hm___sig=b2deffee01c6760f89ca92ef9f7d2fc5a4c88666a1812944


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HTTPFilter HTTPFilter\0\0
DcomLaunch DcomLaunch\0TermService\0\0
bthsvcs BthServ\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8dd6e55-0b89-11db-bc2e-00138f0b4803}]
Shell\AutoRun\command G:\InstallTomTomHOME.exe

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-15 23:00:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-15 23:00:21
C:\ComboFix-quarantined-files.txt ... 2007-05-15 23:00

Mutaher
2007-05-16, 00:09
VundoFix V6.3.21

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 18:08:11 12/05/2007

Listing files found while scanning....

C:\WINDOWS\system32\balsisln.dll
C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\byxvtst.dll
C:\WINDOWS\system32\cpipoyna.dll
C:\WINDOWS\system32\dkomchwx.dll
C:\WINDOWS\system32\eniykaot.dll
C:\WINDOWS\system32\ffxtauqk.dll
C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\hggefgg.dll
C:\WINDOWS\system32\hyscgguo.dll
C:\WINDOWS\system32\jlqxfaoy.dll
C:\WINDOWS\system32\khfcbyy.dll
C:\WINDOWS\system32\kvringja.dll
C:\WINDOWS\system32\kvwyvlhm.dll
C:\WINDOWS\system32\mlcbtejb.dll
C:\WINDOWS\system32\ocyxdkgc.dll
C:\WINDOWS\system32\qrutv.ini
C:\WINDOWS\system32\tkotjgia.dll
C:\WINDOWS\system32\ubfqlusb.dll
C:\WINDOWS\system32\vturq.dll
C:\WINDOWS\system32\vturqqo.dll
C:\WINDOWS\system32\wkadomcx.dll
C:\WINDOWS\system32\xusicqpm.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\balsisln.dll
C:\WINDOWS\system32\balsisln.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\bcbeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxvtst.dll
C:\WINDOWS\system32\byxvtst.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cpipoyna.dll
C:\WINDOWS\system32\cpipoyna.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dkomchwx.dll
C:\WINDOWS\system32\dkomchwx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\eniykaot.dll
C:\WINDOWS\system32\eniykaot.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ffxtauqk.dll
C:\WINDOWS\system32\ffxtauqk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\gebcb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hggefgg.dll
C:\WINDOWS\system32\hggefgg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hyscgguo.dll
C:\WINDOWS\system32\hyscgguo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jlqxfaoy.dll
C:\WINDOWS\system32\jlqxfaoy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kvringja.dll
C:\WINDOWS\system32\kvringja.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kvwyvlhm.dll
C:\WINDOWS\system32\kvwyvlhm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlcbtejb.dll
C:\WINDOWS\system32\mlcbtejb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ocyxdkgc.dll
C:\WINDOWS\system32\ocyxdkgc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qrutv.ini
C:\WINDOWS\system32\qrutv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\tkotjgia.dll
C:\WINDOWS\system32\tkotjgia.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ubfqlusb.dll
C:\WINDOWS\system32\ubfqlusb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vturq.dll
C:\WINDOWS\system32\vturq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vturqqo.dll
C:\WINDOWS\system32\vturqqo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wkadomcx.dll
C:\WINDOWS\system32\wkadomcx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xusicqpm.dll
C:\WINDOWS\system32\xusicqpm.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.21

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 19:11:44 13/05/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.3.21

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 19:04:12 15/05/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.3.21

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 20:29:19 15/05/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.3.21

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 23:01:39 15/05/2007

Listing files found while scanning....

Mutaher
2007-05-16, 00:25
Logfile of HijackThis v1.99.1
Scan saved at 23:10:15, on 15/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Mama\Desktop\VundoFix.exe
C:\Program Files\SwiftSwitch\SwiftSwitch.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Mama\Desktop\hijackthis\HijackThis.exe

Mutaher
2007-05-16, 00:26
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8054C3E5-0154-4BBD-A89B-C581F098BD86} - C:\WINDOWS\system32\qkjfqkhy.dll (file missing)
O2 - BHO: (no name) - {F83AAAC1-9398-4880-B8A9-3332193C8304} - C:\WINDOWS\system32\pmkji.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [STManager] C:/Program Files/SpeedTouch/Dr SpeedTouch/drst.exe -b
O4 - Startup: TomTom HOME.lnk = C:\Program Files\TomTom HOME\TomTomHOME.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mutaher-da-1-u-al-kno.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A81FE8CA-C0B2-456B-AB06-1E47192A6C63}: NameServer = 194.106.56.6 194.106.33.42
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB32513C-F2C0-4483-8845-1D513237B1E1}: NameServer = 212.50.160.28,194.106.33.42
O18 - Protocol: bw+0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw+0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw-0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw-0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw00 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw00s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw10 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw10s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw20 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw20s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw30 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw30s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw40 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw40s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw50 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw50s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw60 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw60s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw70 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw70s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw80 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw80s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw90 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw90s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwa0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwa0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwb0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwb0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwc0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwc0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwd0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwd0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwe0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwe0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwf0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwf0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwg0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwg0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwh0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwh0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwi0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwi0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwj0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwj0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwk0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwk0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwl0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwl0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwm0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwm0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwn0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwn0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwo0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwo0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwp0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwp0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwq0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwq0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwr0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwr0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bws0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bws0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwt0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwt0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwu0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwu0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwv0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwv0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bww0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bww0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwx0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwx0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwy0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwy0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwz0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwz0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

Mutaher
2007-05-16, 00:27
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Lol..the second bit had 7 characters more..so I put the last bit here..:crowned:

shelf life
2007-05-16, 02:21
hi Mutaher,

ok thanks for all the info.


scan with HJT, put a checkmark beside the items below, close all windows and click fix checked.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {8054C3E5-0154-4BBD-A89B-C581F098BD86} - C:\WINDOWS\system32\qkjfqkhy.dll (file missing)

O2 - BHO: (no name) - {F83AAAC1-9398-4880-B8A9-3332193C8304} - C:\WINDOWS\system32\pmkji.dll (file missing)

is that version 6.0 of bearshare?

shelf life
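The selection in the post above, as an added example that is not part of the original thread: a small parser that pulls out HijackThis entries whose target is marked "(no file)" or "(file missing)" and collapses them to one record per CLSID. The function names are hypothetical, the sample lines are copied from the log posted above, and treating unnamed O2 (BHO) orphans as the first items to review is an assumption of this example.

```python
import re
from collections import OrderedDict

# A subset of lines copied from the HijackThis v1.99.1 log posted above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8054C3E5-0154-4BBD-A89B-C581F098BD86} - C:\WINDOWS\system32\qkjfqkhy.dll (file missing)
O2 - BHO: (no name) - {F83AAAC1-9398-4880-B8A9-3332193C8304} - C:\WINDOWS\system32\pmkji.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O18 - Protocol: bw+0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw+0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw-0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
"""

# "<section> - <kind>: <name> - {CLSID} - <target>" covers R3, O2, O9 and O18 lines.
ENTRY = re.compile(
    r"^(?P<section>[A-Z]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
MISSING = " (file missing)"


def parse_entries(log):
    """Return one dict per CLSID-bearing line; lines in other formats are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        target = m.group("target")
        if target == "(no file)":
            path, orphaned = None, True        # registry entry names no file at all
        elif target.endswith(MISSING):
            path, orphaned = target[: -len(MISSING)], True  # file named but gone
        else:
            path, orphaned = target, False
        entries.append({
            "section": m.group("section"),
            "kind": m.group("kind"),
            "name": m.group("name"),
            "clsid": m.group("clsid").upper(),
            "path": path,
            "orphaned": orphaned,
        })
    return entries


def orphaned_components(log):
    """Collapse orphaned entries to one record per CLSID, keeping every alias."""
    grouped = OrderedDict()
    for e in parse_entries(log):
        if not e["orphaned"]:
            continue
        rec = grouped.setdefault(
            e["clsid"], {"sections": set(), "names": [], "path": e["path"]}
        )
        rec["sections"].add(e["section"])
        rec["names"].append(e["name"])
    return grouped


def unnamed_bho_orphans(log):
    """Assumption of this example: unnamed O2 orphans are reviewed first."""
    return [
        clsid
        for clsid, rec in orphaned_components(log).items()
        if "O2" in rec["sections"] and set(rec["names"]) == {"(no name)"}
    ]


if __name__ == "__main__":
    for clsid, rec in orphaned_components(SAMPLE_LOG).items():
        print(clsid, sorted(rec["sections"]), len(rec["names"]), rec["path"])
    print("review first:", unnamed_bho_orphans(SAMPLE_LOG))
```

Grouping by CLSID shows that the long run of O18 protocol aliases is a single leftover registration, while the three unnamed BHO entries are separate components.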

Mutaher
2007-05-16, 17:21
hi shelf life,

I did what you told me to. I removed bearshare, I don't use it anymore...:D:

shelf life
2007-05-16, 23:24
hi Mutaher



I removed bearshare

ok just checking, some of the older free versions if I remember right came with some extra add-ons (which is not unique to file sharing apps although some people like to think it is) you don't need or probably want.

that Dealio toolbar looks harmless. how's it going on that end now?

shelf life

Mutaher
2007-05-17, 00:45
ok..now I've done all the steps...the smitfraud is still there lol...

shelf life
2007-05-17, 02:57
hi Mutaher,

ok thanks for the info.
it's spybot that's finding it, right?
let's try this:

1. Download The Avenger by Swandog46 to your Desktop:
avenger (http://swandog46.geekstogo.com/avenger.zip)

Click on Avenger.zip to open the file
Extract avenger.exe to desktop


2. Copy all the text contained in the code box that's below to your clipboard by highlighting it and pressing (Ctrl+C):



Files to delete:
C:\WINDOWS\system32\bxlmhrvo.dll
C:\WINDOWS\system32\ovrhmlxb.ini
C:\WINDOWS\system32\ijkmp.bak2


3. Start the Avenger program by clicking on its icon on your desktop.

Under "Script file to execute" choose "Input Script Manually".
Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
Paste the text copied to clipboard into this window by pressing (Ctrl+V).
Click Done
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.

4. The Avenger will automatically:

* It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
* On reboot, it will briefly open a black command window on your desktop, this is normal.
* After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
* The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply along with a new HJT log.

Mutaher
2007-05-17, 17:38
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\tmwxyidn

*******************

Script file located at: \??\C:\Program Files\vhbxewup.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\bxlmhrvo.dll not found!
Deletion of file C:\WINDOWS\system32\bxlmhrvo.dll failed!

Could not process line:
C:\WINDOWS\system32\bxlmhrvo.dll
Status: 0xc0000034

File C:\WINDOWS\system32\ovrhmlxb.ini deleted successfully.
File C:\WINDOWS\system32\ijkmp.bak2 deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
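Reading the log above against the script that was requested, as an added example that is not part of the original thread: the code reconciles each "Files to delete:" path with the outcome The Avenger recorded and names the NTSTATUS code. The function names are hypothetical, the script and log text are copied from the two posts above, and the parser assumes the log line shapes seen in this one log.

```python
import re

# Script text copied from the instructions earlier in the thread.
SCRIPT = r"""
Files to delete:
C:\WINDOWS\system32\bxlmhrvo.dll
C:\WINDOWS\system32\ovrhmlxb.ini
C:\WINDOWS\system32\ijkmp.bak2
"""

# Log text copied from the C:\avenger.txt content posted above.
LOG = r"""
Beginning to process script file:

File C:\WINDOWS\system32\bxlmhrvo.dll not found!
Deletion of file C:\WINDOWS\system32\bxlmhrvo.dll failed!

Could not process line:
C:\WINDOWS\system32\bxlmhrvo.dll
Status: 0xc0000034

File C:\WINDOWS\system32\ovrhmlxb.ini deleted successfully.
File C:\WINDOWS\system32\ijkmp.bak2 deleted successfully.

Completed script processing.
"""

# Standard NTSTATUS values a file deletion commonly returns.
NTSTATUS = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}


def requested_files(script):
    """Paths listed under the 'Files to delete:' header, in order."""
    paths, in_section = [], False
    for line in (ln.strip() for ln in script.splitlines()):
        if not line:
            continue
        if line.lower() == "files to delete:":
            in_section = True
        elif line.endswith(":"):
            in_section = False          # some other section header
        elif in_section:
            paths.append(line)
    return paths


def parse_log(log):
    """Map lower-cased path -> {'outcome': ..., 'status': int or None}."""
    results = {}
    lines = [ln.strip() for ln in log.splitlines()]
    for i, line in enumerate(lines):
        m = re.fullmatch(r"File (.+) deleted successfully\.", line)
        if m:
            results[m.group(1).lower()] = {"outcome": "deleted", "status": None}
            continue
        m = re.fullmatch(r"File (.+) not found!", line)
        if m:
            results[m.group(1).lower()] = {"outcome": "not_found", "status": None}
            continue
        m = re.fullmatch(r"Deletion of file (.+) failed!", line)
        if m:
            # Keep a more specific outcome (not_found) if one was already seen.
            results.setdefault(m.group(1).lower(), {"outcome": "failed", "status": None})
            continue
        if line == "Could not process line:" and i + 2 < len(lines):
            s = re.fullmatch(r"Status: (0x[0-9a-fA-F]+)", lines[i + 2])
            if s:
                rec = results.setdefault(
                    lines[i + 1].lower(), {"outcome": "failed", "status": None}
                )
                rec["status"] = int(s.group(1), 16)
    return results


def reconcile(script, log):
    """For every requested path: (outcome, NTSTATUS name or None)."""
    seen = parse_log(log)
    report = {}
    for path in requested_files(script):
        rec = seen.get(path.lower())
        if rec is None:
            report[path] = ("no_record", None)
            continue
        status = rec["status"]
        name = NTSTATUS.get(status, hex(status)) if status is not None else None
        report[path] = (rec["outcome"], name)
    return report


def needs_followup(script, log):
    """Requested paths that the log does not confirm as deleted."""
    return [p for p, (outcome, _) in reconcile(script, log).items() if outcome != "deleted"]


if __name__ == "__main__":
    for path, result in reconcile(SCRIPT, LOG).items():
        print(path, result)
```

Status 0xc0000034 means the name did not exist at that path when the script ran, so that one line is a path to re-verify against a fresh scan rather than a deletion to retry.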

Mutaher
2007-05-17, 17:40
Logfile of HijackThis v1.99.1
Scan saved at 16:39:17, on 17/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mama\Desktop\hijackthis1\HijackThis.exe

Mutaher
2007-05-17, 17:41
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [STManager] C:/Program Files/SpeedTouch/Dr SpeedTouch/drst.exe -b
O4 - Startup: TomTom HOME.lnk = C:\Program Files\TomTom HOME\TomTomHOME.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mutaher-da-1-u-al-kno.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A81FE8CA-C0B2-456B-AB06-1E47192A6C63}: NameServer = 194.106.56.6 194.106.33.42
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB32513C-F2C0-4483-8845-1D513237B1E1}: NameServer = 212.50.160.28,194.106.33.42
O18 - Protocol: bw+0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw+0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw-0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw-0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw00 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw00s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw10 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw10s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw20 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw20s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw30 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw30s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw40 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw40s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw50 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw50s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw60 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw60s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw70 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw70s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw80 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw80s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw90 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw90s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwa0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwa0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwb0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwb0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwc0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwc0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwd0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwd0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwe0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwe0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwf0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwf0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwg0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwg0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwh0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwh0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwi0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwi0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwj0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwj0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwk0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwk0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwl0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwl0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwm0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwm0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwn0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwn0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwo0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwo0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwp0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwp0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwq0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwq0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwr0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwr0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bws0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bws0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwt0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwt0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwu0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwu0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwv0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwv0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bww0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bww0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwx0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwx0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwy0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwy0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwz0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwz0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
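
The O18 section of the log above lists the same missing Logitech Desktop Messenger DLL once per protocol name, which buries the entries that still point at a file on disk. As an added example (not part of the original thread and not a HijackThis feature), this Python script collapses "(file missing)" protocol handlers by CLSID and DLL path and lists the O23 services shown with "Unknown owner"; the function name `triage` and the choice of excerpted lines are assumptions of the example.

```python
import re
from collections import defaultdict

# Excerpt copied from the HijackThis log posted above (a few lines per section,
# not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: bw+0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw+0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwz0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
"""

# "<section code> - <rest>", e.g. "O18 - Protocol: ...". Header lines and the
# running-process list do not match and are skipped.
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")

# O18 body: "Protocol: <name> - {CLSID} - <path>[ (file missing)]"
O18_RE = re.compile(
    r"^Protocol: (?P<name>\S+) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# O23 body: "Service: <name> - <owner> - <path>"
O23_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)


def triage(log_text):
    """Summarise a HijackThis log: entries per section, orphaned O18
    handlers grouped by (CLSID, DLL), and O23 services with no owner string."""
    counts = defaultdict(int)
    orphaned = defaultdict(list)
    unknown_owner = []

    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        code, body = line.group("code"), line.group("body")
        counts[code] += 1

        if code == "O18":
            entry = O18_RE.match(body)
            # Only handlers whose DLL is absent are grouped; handlers with a
            # file on disk stay visible as individual lines in the log.
            if entry and entry.group("missing"):
                key = (entry.group("clsid").upper(), entry.group("path"))
                orphaned[key].append(entry.group("name"))
        elif code == "O23":
            entry = O23_RE.match(body)
            if entry and entry.group("owner").lower() == "unknown owner":
                unknown_owner.append((entry.group("name"), entry.group("path")))

    return {
        "counts": dict(counts),
        "orphaned_handlers": {k: sorted(v) for k, v in orphaned.items()},
        "unknown_owner_services": unknown_owner,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("Entries per section:", report["counts"])
    for (clsid, dll), names in report["orphaned_handlers"].items():
        print(f"{len(names)} protocol name(s) -> missing {dll} {clsid}")
    for name, path in report["unknown_owner_services"]:
        print(f"Service without owner string: {name} ({path})")
```

An "Unknown owner" or "(file missing)" result is a prompt to check the file or registry entry by hand, not a verdict that the entry is malicious.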

shelf life
2007-05-18, 02:17
hi Mutaher,

thanks for the info. how's it looking on that end now?
try running spybot again and see if it flags anything. if it does please generate a spybot report. you can do it like this:

Open SpyBot. On the toolbar menu select mode and switch to advanced mode. On the left, lower down, select tools, then at top > view report. Ensure all the options are selected near the bottom except:

[ ] don't check these three:
1) do not report disabled or known legitimate Items,
2) include list of winsock LSP,
3) include list of services.

then select (near the top) the view report button. Press export, in the save in box choose a place such as your my documents folder or desktop, then copy/paste that log in next reply.
trying to keep the report short. really only interested in what spybot is flagging as smitfraud toolbar if anything.

shelf life

Mutaher
2007-05-18, 20:08
It was too large so I compressed it to a zip folder ;)

Click below for the report...:laugh:

Spybot report

shelf life
2007-05-19, 04:55
hi Mutaher,

thanks for the info. didn't see anything helpful in the spybot log. are you still having problems with spybot flagging smitfraud?

shelf life

Mutaher
2007-05-19, 12:21
do i have to scan first then show the report?

shelf life
2007-05-20, 16:41
hi Mutaher,

yes i would scan then save that report. just want to see if spybot is still flagging something as smitfraud and what it is. if it is it will display it after the scan is done.

Mutaher
2007-05-21, 17:43
Hi shelf life,

I scanned and viewed the report here it is..:cool:

1408

shelf life
2007-05-22, 04:27
hi Mutaher,

thanks for the log. it looks ok to me. you sure you uninstalled bearshare via the add/remove programs panel?

shelf life

Mutaher
2007-05-22, 17:01
Hi shelf life,

Yes. I am sure that I have removed Bearshare. It still detects smitfraud and many other problems..:sad:

shelf life
2007-05-23, 00:07
hi,


It still detects smitfraud and many other problems.

let's get another download to see what it can dig up on your computer - it's also made by AVG. let's run it in safe mode after it gets updated: we will also run spybot and clean out some temps:

Download AVG Anti-Spyware (formerly ewido) and save that file to your desktop:

http://www.ewido.net/en/download/

This is a 30 day trial of the program

1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
2. Once the setup is complete you will need to run ewido and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
* Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
6. Under "Reports"
* Select "Automatically generate report after every scan"
* Un-Select "Only if threats were found"

close AVG
-------------------------
might want to copy/paste this into notepad and save it somewhere so you can read it in safe mode:

reboot into safe mode. to reach safe mode tap the f8 key during a computer restart, choose the first option, safe mode.
ok once in safe mode:

Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
* Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
* ewido will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
* If you have any infections you will be prompted, then select "Apply all actions"
* Next select the "Reports" icon at the top.
* Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important). Please post the AVG log in next reply along with a new hjt log.

while you are in safe mode, also run spybot.

and do this:

Empty your Temp folders. Go to Start > Run and type: cleanmgr. Windows will scan. When done check these 3 and press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin
-------------------------------------
after the above, reboot computer normally. post the saved AVG report and a new hjt log.

Mutaher
2007-05-24, 13:40
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:21:36 24/05/2007

+ Scan result:



C:\WINDOWS\system32\dbxDgrevCheck.dll -> Adware.Agent : Cleaned.
C:\System Volume Information\_restore{C2519C6A-9764-4A28-92B7-143AC9D7F4CB}\RP308\A0242492.dll -> Adware.BHO : Cleaned.
C:\Documents and Settings\Mama\Desktop\Otha\block-checker-xp.exe/1 -> Adware.IMAd : Cleaned.
C:\Program Files\Infection\NNADFS638.EXE -> Adware.NewDotNet : Cleaned.
C:\QooBox\Quarantine\C\WINDOWS\NDNuninstall6_98.exe.vir -> Adware.NewDotNet : Cleaned.
C:\QooBox\Quarantine\C\WINDOWS\NDNuninstall7_14.exe.vir -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{C2519C6A-9764-4A28-92B7-143AC9D7F4CB}\RP308\A0241322.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{C2519C6A-9764-4A28-92B7-143AC9D7F4CB}\RP308\A0241323.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{C2519C6A-9764-4A28-92B7-143AC9D7F4CB}\RP308\A0241324.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{C2519C6A-9764-4A28-92B7-143AC9D7F4CB}\RP323\A0246733.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{C2519C6A-9764-4A28-92B7-143AC9D7F4CB}\RP323\A0246734.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{C2519C6A-9764-4A28-92B7-143AC9D7F4CB}\RP310\A0243599.exe -> Adware.SpyHunter : Cleaned.
C:\Documents and Settings\Mama\Desktop\Otha\Gutterball2Setup-dm.exe -> Adware.Trymedia : Cleaned.
C:\Documents and Settings\Mama\Desktop\Otha\reSetup-dm.exe -> Adware.Trymedia : Cleaned.
D:\software\eDonkey\overnet0.49.4.exe -> Adware.Ucmore : Cleaned.
D:\software\newsgroup readers\eDonkey\overnet0.49.4.exe -> Adware.Ucmore : Cleaned.
C:\System Volume Information\_restore{C2519C6A-9764-4A28-92B7-143AC9D7F4CB}\RP310\A0242579.exe/28j8gh.exe -> Adware.Virtumonde : Cleaned.
C:\System Volume Information\_restore{C2519C6A-9764-4A28-92B7-143AC9D7F4CB}\RP312\A0243874.dll -> Adware.Virtumonde : Cleaned.
C:\System Volume Information\_restore{C2519C6A-9764-4A28-92B7-143AC9D7F4CB}\RP312\A0243880.dll -> Adware.Virtumonde : Cleaned.
C:\System Volume Information\_restore{C2519C6A-9764-4A28-92B7-143AC9D7F4CB}\RP312\A0243891.dll -> Adware.Virtumonde : Cleaned.
C:\VundoFix Backups\byxvtst.dll.bad -> Adware.Virtumonde : Cleaned.
C:\VundoFix Backups\hggefgg.dll.bad -> Adware.Virtumonde : Cleaned.
C:\VundoFix Backups\vturqqo.dll.bad -> Adware.Virtumonde : Cleaned.
C:\System Volume Information\_restore{C2519C6A-9764-4A28-92B7-143AC9D7F4CB}\RP317\A0245752.dll -> Adware.WinAD : Cleaned.
C:\System Volume Information\_restore{C2519C6A-9764-4A28-92B7-143AC9D7F4CB}\RP308\A0241329.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{C2519C6A-9764-4A28-92B7-143AC9D7F4CB}\RP323\A0246484.exe -> Adware.Zango : Cleaned.
D:\Mutaher c drive\Setup.exe -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{C2519C6A-9764-4A28-92B7-143AC9D7F4CB}\RP317\A0245677.exe -> Dropper.VB.kk : Cleaned.
C:\System Volume Information\_restore{C2519C6A-9764-4A28-92B7-143AC9D7F4CB}\RP317\A0245633.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Cleaned.
D:\software\snitch.exe -> Not-A-Virus.PSWTool.Win32.Snitch.11 : Cleaned.
:mozilla.288:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\yvga8d52.Mama\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.7:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\emr2tek9.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.8:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\emr2tek9.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.10:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\emr2tek9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.118:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\yvga8d52.Mama\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\emr2tek9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.129:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\yvga8d52.Mama\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\emr2tek9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.130:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\yvga8d52.Mama\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.131:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\yvga8d52.Mama\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.132:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\yvga8d52.Mama\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.133:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\yvga8d52.Mama\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.134:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\yvga8d52.Mama\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.135:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\yvga8d52.Mama\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.136:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\yvga8d52.Mama\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\emr2tek9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\emr2tek9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.173:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\emr2tek9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.287:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\yvga8d52.Mama\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.502:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\yvga8d52.Mama\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.512:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\yvga8d52.Mama\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\emr2tek9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.75:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\emr2tek9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\emr2tek9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mama\Cookies\mama@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mama\Cookies\mama@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mama\Cookies\mama@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.147:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\yvga8d52.Mama\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.148:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\yvga8d52.Mama\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.149:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\yvga8d52.Mama\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.191:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\yvga8d52.Mama\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.24:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\yvga8d52.Mama\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.25:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\yvga8d52.Mama\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.33:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\emr2tek9.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.34:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\emr2tek9.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.9:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\yvga8d52.Mama\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.10:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\yvga8d52.Mama\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Mama\Cookies\mama@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.294:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\emr2tek9.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.23:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\yvga8d52.Mama\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.64:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\emr2tek9.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.65:C:\Documents and Settings\Mama\Application Data\Mozilla\Firefox\Profiles\emr2tek9.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.

Mutaher
2007-05-24, 13:41
C:\System Volume Information\_restore{C2519C6A-9764-4A28-92B7-143AC9D7F4CB}\RP317\A0245676.exe -> Trojan.Dialer.oy : Cleaned.
D:\software\SVCD RIP PACK\CinemaCraft.Encoder.SP.v2.66.01.07.WinALL.Cracked-CCF\patches\ccfcce7p.exe -> Trojan.Feutel.av : Cleaned.
D:\software\SVCD RIP PACK\CinemaCraft.Encoder.SP.v2.66.01.07.WinALL.Cracked-CCF\patches\ccfcce7s.exe -> Trojan.Feutel.av : Cleaned.
C:\System Volume Information\_restore{C2519C6A-9764-4A28-92B7-143AC9D7F4CB}\RP310\A0242579.exe/loadadv449.exe -> Trojan.Inject.bs : Cleaned.


::Report end

Mutaher
2007-05-24, 13:45
Logfile of HijackThis v1.99.1
Scan saved at 12:42:42, on 24/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mama\Desktop\hijackthis\HijackThis.exe

Mutaher
2007-05-24, 13:46
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [STManager] C:/Program Files/SpeedTouch/Dr SpeedTouch/drst.exe -b
O4 - Startup: TomTom HOME.lnk = C:\Program Files\TomTom HOME\TomTomHOME.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mutaher-da-1-u-al-kno.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB32513C-F2C0-4483-8845-1D513237B1E1}: NameServer = 212.50.160.28,194.106.33.42
O18 - Protocol: bw+0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw+0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw-0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw-0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw00 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw00s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw10 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw10s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw20 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw20s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw30 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw30s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw40 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw40s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw50 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw50s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw60 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw60s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw70 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw70s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw80 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw80s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw90 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw90s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwa0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwa0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwb0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwb0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwc0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwc0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwd0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwd0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwe0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwe0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwf0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwf0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwg0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwg0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwh0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwh0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwi0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwi0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwj0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwj0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwk0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwk0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwl0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwl0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwm0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwm0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwn0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwn0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwo0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwo0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwp0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwp0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwq0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwq0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwr0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwr0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bws0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bws0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwt0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwt0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwu0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwu0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwv0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwv0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bww0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bww0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwx0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwx0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwy0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwy0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwz0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwz0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

Mutaher
2007-05-24, 13:47
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

shelf life
2007-05-25, 04:20
hi,

good. thanks for the info. looks like AVG found a couple of items. we can clean out the restore archive later, don't worry about the cookies, they are pretty much harmless. if spybot is still flagging stuff do this:

do a scan with spybot. when it's done right click in the window and select "copy results to clipboard" then open notepad and select paste to transfer the .txt to notepad. save it somewhere and post saved text here in next reply.

shelf life

Mutaher
2007-05-25, 10:11
DoubleClick: Tracking cookie (Internet Explorer: Mama) (Cookie, nothing done)


Avenue A, Inc.: Tracking cookie (Internet Explorer: Mama) (Cookie, nothing done)


Statcounter: Tracking cookie (Internet Explorer: Mama) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-05-04 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-04-18 advcheck.dll (1.5.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-05-09 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-05-09 Includes\DialerC.sbi (*)
2007-04-04 Includes\Hijackers.sbi (*)
2007-05-09 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-05-09 Includes\KeyloggersC.sbi (*)
2007-03-21 Includes\Malware.sbi (*)
2007-05-09 Includes\MalwareC.sbi (*)
2003-03-16 Includes\plugin-ignore.ini
2007-03-21 Includes\PUPS.sbi (*)
2007-05-09 Includes\PUPSC.sbi (*)
2007-05-09 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-05-09 Includes\SecurityC.sbi (*)
2007-03-21 Includes\Spybots.sbi (*)
2007-05-09 Includes\SpybotsC.sbi (*)
2003-03-16 Includes\Temporary.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-05-02 Includes\Trojans.sbi (*)
2007-05-09 Includes\TrojansC.sbi (*)

Mutaher
2007-05-25, 10:13
This is after I did fix problems. It says fixed but it's still there.

DoubleClick: Tracking cookie (Internet Explorer: Mama) (Cookie, fixed)


Avenue A, Inc.: Tracking cookie (Internet Explorer: Mama) (Cookie, fixed)


Statcounter: Tracking cookie (Internet Explorer: Mama) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-05-04 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-04-18 advcheck.dll (1.5.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-05-09 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-05-09 Includes\DialerC.sbi (*)
2007-04-04 Includes\Hijackers.sbi (*)
2007-05-09 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-05-09 Includes\KeyloggersC.sbi (*)
2007-03-21 Includes\Malware.sbi (*)
2007-05-09 Includes\MalwareC.sbi (*)
2003-03-16 Includes\plugin-ignore.ini
2007-03-21 Includes\PUPS.sbi (*)
2007-05-09 Includes\PUPSC.sbi (*)
2007-05-09 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-05-09 Includes\SecurityC.sbi (*)
2007-03-21 Includes\Spybots.sbi (*)
2007-05-09 Includes\SpybotsC.sbi (*)
2003-03-16 Includes\Temporary.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-05-02 Includes\Trojans.sbi (*)
2007-05-09 Includes\TrojansC.sbi (*)

Mutaher
2007-05-25, 10:24
o wait ignore what I said.. I just did a scan and it says no threats were found. :cool: ... thanks a lot for your help.

shelf life
2007-05-26, 23:29
hi Mutaher,

ok. good. let's make new restore points. sometimes crap can get archived in them. very easy to do:

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore. (deletes old possibly infected restore point)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore. (new restore points on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot.

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;310405
-------------------------------------------------------------
to prevent malware it's important to know how it gets on your computer, your software can't think for you.
please read this:
Prevention-- or The Things I Do Or Dont Do (http://security-central.us/SafeHex/prevention.htm)

shelf life