Thread: reports:regarding VirusBurst, SpywareStrike and other desktop type hijacks

  1. #1
    Junior Member
    Join Date
    Oct 2006
    Posts
    14

    reports:regarding VirusBurst, SpywareStrike and other desktop type hijacks

    hey, I'm having problems with my computer and the symptoms are very frustrating
    here are my logs:
    rapport.txt
    ewido log
    the hjt log

    smitfraudfix clean log:
    SmitFraudFix v2.104

    Scan done at 15:35:12.39, 02/10/2006
    Run from D:\Documents and Settings\Geeta\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

  2. #2
    Junior Member
    Join Date
    Oct 2006
    Posts
    14

    Ewido log

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 17:16:41 02/10/2006

    + Scan result:



    D:\WINDOWS\R2VldGE\asappsrv.dll -> Adware.CommAd : Cleaned with backup (quarantined).
    D:\WINDOWS\R2VldGE\command.exe -> Adware.CommAd : Cleaned with backup (quarantined).
    C:\Installer4.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
    D:\Documents and Settings\Geeta\mt-uninstaller.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP551\A0127168.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127216.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127297.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127320.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127352.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127408.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    D:\Program Files\ToolBar888 -> Adware.ToolBar888 : Cleaned with backup (quarantined).
    D:\Program Files\ToolBar888\MyToolBar.dll -> Adware.ToolBar888 : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP550\A0127003.exe -> Downloader.Adload.de : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP550\A0127029.exe -> Downloader.Adload.de : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP550\A0127088.exe -> Downloader.Adload.de : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP550\A0127118.exe -> Downloader.Adload.de : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP550\A0127152.exe -> Downloader.Adload.de : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP551\A0127182.exe -> Downloader.Adload.de : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127214.exe -> Downloader.Adload.de : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127280.exe -> Downloader.Adload.de : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127299.exe -> Downloader.Adload.de : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127318.exe -> Downloader.Adload.de : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127351.exe -> Downloader.Adload.de : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127407.exe -> Downloader.Adload.de : Cleaned with backup (quarantined).
    D:\Documents and Settings\Geeta\drsmartload1135a.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP550\A0126983.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP550\A0126989.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP550\A0127037.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP550\A0127095.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP550\A0127117.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP550\A0127149.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP551\A0127204.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127212.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127278.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127295.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127317.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127349.exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
    D:\Documents and Settings\Geeta\pass.exe -> Downloader.Harnig.cu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127331.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127405.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
    D:\TORRENTS\Other stuff\viviplay.exe -> Dropper.Agent.ams : Cleaned with backup (quarantined).
    D:\WINDOWS\Downloaded Program Files\speedtest2.dll -> Not-A-Virus.Downloader.Win32.InsTool.a : Ignored.
    D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127330.EXE -> Not-A-Virus.Monitor.Win32.NetMon.a : Ignored.
    D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127404.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Ignored.
    D:\Documents and Settings\LocalService\Cookies\system@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
    D:\Documents and Settings\LocalService\Cookies\system@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned.
    D:\Documents and Settings\Geeta\a.exe -> Worm.VB.ao : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP550\A0126984.exe -> Worm.VB.ao : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP550\A0126988.exe -> Worm.VB.ao : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP550\A0127036.exe -> Worm.VB.ao : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP550\A0127094.exe -> Worm.VB.ao : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP550\A0127116.exe -> Worm.VB.ao : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127211.exe -> Worm.VB.ao : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127277.exe -> Worm.VB.ao : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127294.exe -> Worm.VB.ao : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127316.exe -> Worm.VB.ao : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{2390A0C9-23B7-45C8-9170-8566FCCB775E}\RP552\A0127348.exe -> Worm.VB.ao : Cleaned with backup (quarantined).


    ::Report end

  3. #3
    Junior Member
    Join Date
    Oct 2006
    Posts
    14

    Logfile of HijackThis v1.99.1
    Scan saved at 17:41:01, on 02/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\htpatch.exe
    D:\WINDOWS\system32\CTHELPER.EXE
    D:\Program Files\Logitech\iTouch\iTouch.exe
    D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    D:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    D:\Documents and Settings\Geeta\Yinstall.exe
    D:\Program Files\ewido anti-spyware 4.0\ewido.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Creative\SBLive\RemoteCenter\Rc\RcMan.EXE
    D:\Program Files\MSN Messenger\msnmsgr.exe
    D:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    D:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
    D:\Program Files\MSN Messenger\msgr.exe
    D:\WINDOWS\System32\Ati2evxx.exe
    D:\WINDOWS\system32\Ctsvccda.exe
    D:\Program Files\ewido anti-spyware 4.0\guard.exe
    D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\System32\MsPMSPSv.exe
    D:\Program Files\Network Associates\VirusScan\Mcshield.exe
    D:\Program Files\Creative\SBLive\RemoteCenter\Rc\EAX.exe
    D:\Program Files\Creative\SBLive\RemoteCenter\Rc\VRC.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\Creative\SBLive\RemoteCenter\Center\RCenter.exe
    D:\Program Files\Creative\ShareDLL\MEDIADET.EXE
    D:\Program Files\Creative\SBLive\RemoteCenter\Rc\OSDMenu.EXE
    D:\Program Files\hijackthis\HijackThis.exe
    D:\WINDOWS\system32\wscntfy.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [MVRescue] C:\MVRescue\mvrescue quit
    O4 - HKLM\..\Run: [HTpatch] D:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [CTStartup] D:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [zBrowser Launcher] D:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] D:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=032404 serial=DR12WTX-9999998-YSP lang=EN
    O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [MW1HelperStartUp] D:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
    O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "D:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [explorer] D:\Documents and Settings\Geeta\Yinstall.exe
    O4 - HKLM\..\Run: [!ewido] "D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] \Program\
    O4 - HKCU\..\Run: [Yahoo! Pager] "D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [RemoteCenter] D:\Program Files\Creative\SBLive\RemoteCenter\Rc\RcMan.EXE
    O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gulab1.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120081644984
    O16 - DPF: {734F9B2D-283D-11D4-A58A-0048546BCAF4} (B2Mixer Class) - http://www.momix.co.uk/bin/beat2000.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O18 - Protocol: bw+0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: offline-8876480 - {5F2733E5-F33F-4C94-BDDD-1357D9D6BD57} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll

  4. #4
    Junior Member
    Join Date
    Oct 2006
    Posts
    14

    O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\Ctsvccda.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

  5. #5
    Expert-Visiting Fellow Metallica's Avatar
    Join Date
    Jan 2006
    Posts
    370

    You are being helped here:
    http://forums.spybot.info/showthread.php?t=7741

    So I am closing this one to avoid wasting someone's time.
