reports: regarding VirusBurst, SpywareStrike and other desktop type hijacks



k4m135h
2006-10-02, 19:51
Hey, I'm having problems with my computer and the symptoms are very frustrating.
Here are my logs:
rapport.txt
ewido log
the hjt log

smitfraudfix clean log:
SmitFraudFix v2.104

Scan done at 15:35:12.39, 02/10/2006
Run from D:\Documents and Settings\Geeta\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

k4m135h
2006-10-02, 19:52
Ewido log

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 17:16:41 02/10/2006

+ Scan result:



D:\WINDOWS\R2VldGE\asappsrv.dll -> Adware.CommAd : Cleaned with backup (quarantined).
D:\WINDOWS\R2VldGE\command.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\Installer4.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
D:\Documents and Settings\Geeta\mt-uninstaller.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP551\A0127168.dll -> Adware.Softomate : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127216.dll -> Adware.Softomate : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127297.dll -> Adware.Softomate : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127320.dll -> Adware.Softomate : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127352.dll -> Adware.Softomate : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127408.dll -> Adware.Softomate : Cleaned with backup (quarantined).
D:\Program Files\ToolBar888 -> Adware.ToolBar888 : Cleaned with backup (quarantined).
D:\Program Files\ToolBar888\MyToolBar.dll -> Adware.ToolBar888 : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP550\A0127003.exe -> Downloader.Adload.de : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP550\A0127029.exe -> Downloader.Adload.de : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP550\A0127088.exe -> Downloader.Adload.de : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP550\A0127118.exe -> Downloader.Adload.de : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP550\A0127152.exe -> Downloader.Adload.de : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP551\A0127182.exe -> Downloader.Adload.de : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127214.exe -> Downloader.Adload.de : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127280.exe -> Downloader.Adload.de : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127299.exe -> Downloader.Adload.de : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127318.exe -> Downloader.Adload.de : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127351.exe -> Downloader.Adload.de : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127407.exe -> Downloader.Adload.de : Cleaned with backup (quarantined).
D:\Documents and Settings\Geeta\drsmartload1135a.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP550\A0126983.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP550\A0126989.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP550\A0127037.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP550\A0127095.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP550\A0127117.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP550\A0127149.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP551\A0127204.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127212.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127278.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127295.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127317.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127349.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
D:\Documents and Settings\Geeta\pass.exe -> Downloader.Harnig.cu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127331.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127405.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
D:\TORRENTS\Other stuff\viviplay.exe -> Dropper.Agent.ams : Cleaned with backup (quarantined).
D:\WINDOWS\Downloaded Program Files\speedtest2.dll -> Not-A-Virus.Downloader.Win32.InsTool.a : Ignored.
D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127330.EXE -> Not-A-Virus.Monitor.Win32.NetMon.a : Ignored.
D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127404.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Ignored.
D:\Documents and Settings\LocalService\Cookies\system@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
D:\Documents and Settings\LocalService\Cookies\system@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned.
D:\Documents and Settings\Geeta\a.exe -> Worm.VB.ao : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP550\A0126984.exe -> Worm.VB.ao : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP550\A0126988.exe -> Worm.VB.ao : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP550\A0127036.exe -> Worm.VB.ao : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP550\A0127094.exe -> Worm.VB.ao : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP550\A0127116.exe -> Worm.VB.ao : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127211.exe -> Worm.VB.ao : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127277.exe -> Worm.VB.ao : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127294.exe -> Worm.VB.ao : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127316.exe -> Worm.VB.ao : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127348.exe -> Worm.VB.ao : Cleaned with backup (quarantined).


::Report end

k4m135h
2006-10-02, 19:53
Logfile of HijackThis v1.99.1
Scan saved at 17:41:01, on 02/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\htpatch.exe
D:\WINDOWS\system32\CTHELPER.EXE
D:\Program Files\Logitech\iTouch\iTouch.exe
D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
D:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Documents and Settings\Geeta\Yinstall.exe
D:\Program Files\ewido anti-spyware 4.0\ewido.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Creative\SBLive\RemoteCenter\Rc\RcMan.EXE
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
D:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
D:\Program Files\MSN Messenger\msgr.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\Ctsvccda.exe
D:\Program Files\ewido anti-spyware 4.0\guard.exe
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\MsPMSPSv.exe
D:\Program Files\Network Associates\VirusScan\Mcshield.exe
D:\Program Files\Creative\SBLive\RemoteCenter\Rc\EAX.exe
D:\Program Files\Creative\SBLive\RemoteCenter\Rc\VRC.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Creative\SBLive\RemoteCenter\Center\RCenter.exe
D:\Program Files\Creative\ShareDLL\MEDIADET.EXE
D:\Program Files\Creative\SBLive\RemoteCenter\Rc\OSDMenu.EXE
D:\Program Files\hijackthis\HijackThis.exe
D:\WINDOWS\system32\wscntfy.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MVRescue] C:\MVRescue\mvrescue quit
O4 - HKLM\..\Run: [HTpatch] D:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] D:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] D:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=032404 serial=DR12WTX-9999998-YSP lang=EN
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MW1HelperStartUp] D:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "D:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [explorer] D:\Documents and Settings\Geeta\Yinstall.exe
O4 - HKLM\..\Run: [!ewido] "D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [RemoteCenter] D:\Program Files\Creative\SBLive\RemoteCenter\Rc\RcMan.EXE
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gulab1.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120081644984
O16 - DPF: {734F9B2D-283D-11D4-A58A-0048546BCAF4} (B2Mixer Class) - http://www.momix.co.uk/bin/beat2000.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O18 - Protocol: bw+0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll

k4m135h
2006-10-02, 19:54
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\Ctsvccda.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

Metallica
2006-10-03, 15:50
You are being helped here:
http://forums.spybot.info/showthread.php?t=7741

So I am closing this one to avoid wasting someone's time.