Smitfraud-C.Toolbar888

[Mutaher]

Hey,

I needed help to remove this smitfraud from my computer.

Here my log (had to do 2 pages because it had 2000+ letters):


Logfile of HijackThis v1.99.1
Scan saved at 18:21:12, on 07/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Mama\Desktop\hijackthis\HijackThis.exe

 

[Mutaher]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Runescape.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6418E868-1DCB-4225-ACAF-30ABB940A2EB} - C:\WINDOWS\system32\byxvtst.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\Dealio.dll
O2 - BHO: (no name) - {6DB38642-A70F-4C98-B82F-80D80E29E1E0} - C:\WINDOWS\system32\khfcbyy.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8054C3E5-0154-4BBD-A89B-C581F098BD86} - C:\WINDOWS\system32\qkjfqkhy.dll (file missing)
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\mlcbtejb.dll
O2 - BHO: (no name) - {F83AAAC1-9398-4880-B8A9-3332193C8304} - C:\WINDOWS\system32\pmkji.dll (file missing)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\Dealio.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [au] "C:\Program Files\Dealio\DealioAu.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\bxlmhrvo.dll",realset
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [STManager] C:/Program Files/SpeedTouch/Dr SpeedTouch/drst.exe -b
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Startup: TomTom HOME.lnk = C:\Program Files\TomTom HOME\TomTomHOME.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
O4 - Global Startup: Phone Connection Monitor.lnk = C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mutaher-da-1-u-al-kno.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A81FE8CA-C0B2-456B-AB06-1E47192A6C63}: NameServer = 194.106.56.6 194.106.33.42
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB32513C-F2C0-4483-8845-1D513237B1E1}: NameServer = 212.50.160.28,194.106.33.42
O18 - Protocol: bw+0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: byxvtst - C:\WINDOWS\SYSTEM32\byxvtst.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

[Mutaher]

Can someone help me please...i need my pc repared fast..my exams are in less than 1 week...and all these crazy stuff this virus is doing is preventing me to study...please somehelp...:banghead:

 

[tashi]

Hello.

Looks like you missed our sticky topics, "BEFORE you POST" ... bumping delays assistance as helpers look for zero response.

We already removed a post in another member's topic and a second thread. :

Your thread was started today and we have many people waiting for advice, :sad: which is why we have this sticky: If you have waited FOUR days for advice post here.

If you will need to go to another forum because your situation is under pressure, which we do understand, please let us know.

Thanks.

 

[Mutaher]

hmmm...What do you mean by another forum?:sad:

 

[shelf life]

hi Mutaher,

do this. need two downloads, vundofix and smitfraudFix.
------------------------------
download and run vundofix.exe:

http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.
* Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
----------------------------------
download smitfraudFix to your desktop:

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter

it will scan your computer, looking for certain files.
when done it will create a log named: rapport.txt on your C: drive
------------------------------------
please post the vundo log, the smitfraud log and a new hjt log please.

shelf life

 

[Mutaher]

Just wanted to ask one question before i make this move. When you say that Vundo will promot me to reboot my computer and i click yes. Does this actually mean my computer will be rebooted?:scratch:

 

[shelf life]

its possible that it may or may not reboot. if you click yes and it dosnt reboot, then i would restart it myself.

 

[Mutaher]

SmitFraudFix v2.181

Scan done at 18:29:10.28, 12/05/2007
Run from C:\Documents and Settings\Mama\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\WINDOWS\system32\PSIService.exe
c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mama


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mama\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Mama\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://65.54.162.250/cgi-bin/getmsg/images.jpg?&msg=11E20470-34ED-4F4E-9C24-160C6AE00873&start=0&len=6650&mimepart=3&curmbox=00000000-0000-0000-0000-000000000001&b=9f3e256a46863f4aa46c7ec53119fafb&disk=10.1.106.206_d1682&login=nadeemys&domain=hotmail%2ecom&hm___sig=b2deffee01c6760f89ca92ef9f7d2fc5a4c88666a1812944"
"SubscribedURL"="http://65.54.162.250/cgi-bin/getmsg/images.jpg?&msg=11E20470-34ED-4F4E-9C24-160C6AE00873&start=0&len=6650&mimepart=3&curmbox=00000000-0000-0000-0000-000000000001&b=9f3e256a46863f4aa46c7ec53119fafb&disk=10.1.106.206_d1682&login=nadeemys&domain=hotmail%2ecom&hm___sig=b2deffee01c6760f89ca92ef9f7d2fc5a4c88666a1812944"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 194.106.56.6
DNS Server Search Order: 194.106.33.42

Description: ULi PCI Fast Ethernet Controller - Packet Scheduler Miniport
DNS Server Search Order: 212.50.160.28
DNS Server Search Order: 194.106.33.42

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A81FE8CA-C0B2-456B-AB06-1E47192A6C63}: NameServer=194.106.56.6 194.106.33.42
HKLM\SYSTEM\CCS\Services\Tcpip\..\{AB32513C-F2C0-4483-8845-1D513237B1E1}: NameServer=212.50.160.28,194.106.33.42
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A81FE8CA-C0B2-456B-AB06-1E47192A6C63}: NameServer=194.106.56.6 194.106.33.42
HKLM\SYSTEM\CS1\Services\Tcpip\..\{AB32513C-F2C0-4483-8845-1D513237B1E1}: NameServer=212.50.160.28,194.106.33.42
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A81FE8CA-C0B2-456B-AB06-1E47192A6C63}: NameServer=194.106.56.6 194.106.33.42
HKLM\SYSTEM\CS3\Services\Tcpip\..\{AB32513C-F2C0-4483-8845-1D513237B1E1}: NameServer=212.50.160.28,194.106.33.42


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

 

[Mutaher]

first part of hijack scan

Logfile of HijackThis v1.99.1
Scan saved at 18:30:28, on 12/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\WINDOWS\system32\PSIService.exe
c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mama\Desktop\hijackthis\HijackThis.exe

 

[Mutaher]

second bit of hijack scan

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Runescape.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6418E868-1DCB-4225-ACAF-30ABB940A2EB} - C:\WINDOWS\system32\byxvtst.dll (file missing)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8054C3E5-0154-4BBD-A89B-C581F098BD86} - C:\WINDOWS\system32\qkjfqkhy.dll (file missing)
O2 - BHO: (no name) - {F83AAAC1-9398-4880-B8A9-3332193C8304} - C:\WINDOWS\system32\pmkji.dll (file missing)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\Dealio.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [au] "C:\Program Files\Dealio\DealioAu.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\bxlmhrvo.dll",realset
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [STManager] C:/Program Files/SpeedTouch/Dr SpeedTouch/drst.exe -b
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Startup: TomTom HOME.lnk = C:\Program Files\TomTom HOME\TomTomHOME.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
O4 - Global Startup: Phone Connection Monitor.lnk = C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mutaher-da-1-u-al-kno.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A81FE8CA-C0B2-456B-AB06-1E47192A6C63}: NameServer = 194.106.56.6 194.106.33.42
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB32513C-F2C0-4483-8845-1D513237B1E1}: NameServer = 212.50.160.28,194.106.33.42
O18 - Protocol: bw+0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

[shelf life]

hi Mutaher,

good. i got your pm. log dosnt look that bad.
if you want you can look in add/remove programs panel and uninstall:

Desktop Messenger

all it does is check for updates to logitech products. how many updates can a mouse have??? what kind of BS is that?????

are things any better on that end now after the vundofix?

shelf life

 

[Mutaher]

hi shelf live,

I have removed Desktop Messenger aswell. Im afraid the smitfraud isnt gone yet. Is there more?

 

[shelf life]

hi Mutaher,

could you scan with vundofix again and this time post the report it generates.
also another download to get and run, combofix.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
-------------------
please post:a new hjt log, the vundo log and the combofix log

shelf life

EDIT:
that toolbar you have: Dealio
while it may not be malware, toolbars are very suspect, leave it for now. we can come back to it later.

 

[Mutaher]

hi shelf live,

The vundofix scan did not fight any problems..im confused...

 

[shelf life]

hi Mutaher,

ok. can you post the vundo log and a new hjt log. did you download and run combofix yet?

shelf life

 

[Mutaher]

Combofix Log!

"Mama" - 2007-05-15 22:57:18 Service Pack 2
ComboFix 07-05.13.V - Running from: "C:\Documents and Settings\Mama\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bxlmhrvo.dll
C:\WINDOWS\system32\ovrhmlxb.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\NDNuninstall6_98.exe
C:\WINDOWS\NDNuninstall7_14.exe
C:\install.log


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-15 ))))))))))))))))))))))))))))))))))


2007-05-15 19:10 <DIR> d-------- C:\Program Files\Intuwave Ltd
2007-05-15 00:46 <DIR> d-------- C:\OUTPUT
2007-05-15 00:46 <DIR> d-------- C:\My Media
2007-05-15 00:46 <DIR> d-------- C:\My Downloads
2007-05-15 00:46 <DIR> d-------- C:\MPLAYER
2007-05-15 00:45 <DIR> d--h----- C:\CanoScan
2007-05-15 00:45 <DIR> d-------- C:\Mattel Interactive
2007-05-15 00:45 <DIR> d-------- C:\Downloads
2007-05-15 00:45 <DIR> d-------- C:\DATOS
2007-05-13 00:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-05-13 00:26 <DIR> d-------- C:\Program Files\Bonjour
2007-05-13 00:19 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-05-12 19:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-05-12 18:29 2,964 --a------ C:\WINDOWS\system32\tmp.reg
2007-05-12 18:28 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-05-12 18:28 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-05-12 18:28 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-05-12 18:08 <DIR> d-------- C:\VundoFix Backups
2007-05-07 15:06 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-05-07 15:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZILLAbar
2007-05-07 15:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\STOPzilla!
2007-05-07 14:18 897,382 ---hs---- C:\WINDOWS\system32\ijkmp.bak2
2007-05-04 22:40 871,656 --a------ C:\WINDOWS\dbplugin.exe
2007-05-04 22:40 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll
2007-05-04 22:40 249,904 --a------ C:\WINDOWS\system32\dbxDgrevCheck.dll
2007-05-04 22:40 163,920 --a------ C:\WINDOWS\system32\DNLEng.dll
2007-05-04 22:40 143,360 --a------ C:\WINDOWS\PICN1120.dll
2007-05-04 22:40 143,360 --a------ C:\WINDOWS\picn1020.dll
2007-05-04 22:40 <DIR> d-------- C:\WINDOWS\system32\DNAML
2007-04-29 13:18 <DIR> d-------- C:\DOCUME~1\Mama\APPLIC~1\teamspeak2
2007-04-29 13:17 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2007-04-21 01:02 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-04-21 01:02 <DIR> d-------- C:\DOCUME~1\Mama\harmony
2007-04-16 00:34 <DIR> d-------- C:\Program Files\Common Files\Xuisoft


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-15 20:31:08 -------- d-----w C:\Program Files\SwiftSwitch
2007-05-15 18:11:14 -------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-05-15 18:10:38 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-12 18:19:15 -------- d-----w C:\Program Files\Yahoo!
2007-05-04 21:40:52 6,597 ----a-w C:\WINDOWS\mozver.dat
2007-05-04 00:11:21 -------- d-----w C:\Program Files\BearShare
2007-05-03 16:04:48 -------- d-----w C:\Program Files\Codemasters
2007-04-21 22:14:26 -------- d-----w C:\DOCUME~1\Mama\APPLIC~1\Netscape
2007-04-14 12:35:32 -------- d-----w C:\Program Files\Rm To AVI VCD SVCD DVD MPEG Converter
2007-04-14 12:35:18 -------- d-----w C:\Program Files\RM to MP3 Converter
2007-04-14 12:33:14 -------- d-----w C:\Program Files\Boilsoft MOV Converter
2007-04-14 12:07:53 -------- d-----w C:\Program Files\BitTorrent
2007-04-14 12:06:05 -------- d-----w C:\DOCUME~1\Mama\APPLIC~1\Corel
2007-04-14 12:06:00 -------- d-----w C:\Program Files\Corel
2007-04-14 11:59:46 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-04-14 11:31:55 88 --sh--r C:\WINDOWS\system32\01EE8B9371.sys
2007-04-05 10:44:25 -------- d-----w C:\Program Files\World of Warcraft
2007-04-05 00:28:38 -------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-04-02 11:55:26 -------- d-----w C:\Program Files\WoW-2.0.0-enUS-Installer
2007-03-31 16:35:02 -------- d-----w C:\Program Files\HyCam2
2007-03-25 08:24:41 -------- d-----w C:\Program Files\Web Page Maker V2
2007-03-23 21:44:00 120 ----a-w C:\drmHeader.bin
2007-03-21 19:54:16 77,312 ----a-w C:\WINDOWS\system32\TWAIN_32.DLL
2007-03-21 19:54:16 69,632 ----a-w C:\WINDOWS\system32\TWUNK_32.EXE
2007-03-21 19:54:16 48,560 ----a-w C:\WINDOWS\system32\TWUNK_16.EXE
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-16 19:23:40 -------- d-----w C:\Program Files\MSN Messenger
2007-03-15 11:23:16 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll
2007-03-15 11:19:58 526,184 ----a-w C:\WINDOWS\system32\XceedCry.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-07 12:50:49 -------- d-----w C:\Program Files\Conquer 2.0
2007-03-04 02:12:30 982,544 ----a-w C:\WINDOWS\BBC Online Space.dat
2007-03-04 02:12:30 28,672 ----a-w C:\WINDOWS\system32\ssconfig.exe
2007-03-04 02:12:29 466,944 ----a-w C:\WINDOWS\BBC Online Space.scr
2007-03-04 02:12:29 180,224 ----a-w C:\WINDOWS\UninstallWSST.exe
2007-03-01 08:48:56 2 ----a-w C:\WINDOWS\system32\vrecorder.dll
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 20:38]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{8054C3E5-0154-4BBD-A89B-C581F098BD86}=C:\WINDOWS\system32\qkjfqkhy.dll []
{F83AAAC1-9398-4880-B8A9-3332193C8304}=C:\WINDOWS\system32\pmkji.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"SoundMan"="SOUNDMAN.EXE"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"Zone Labs Client"="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"BearShare"="\"C:\\Program Files\\BearShare\\BearShare.exe\" /pause"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-21 17:41]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"SoundMan"="SOUNDMAN.EXE" [])
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 C:\WINDOWS\system32\bthprops.cpl])
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-03-16 11:34]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-01 12:57]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 03:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 14:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22]
"STManager"="C:/Program Files/SpeedTouch/Dr SpeedTouch/drst.exe" [2003-10-16 13:25 C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe])

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"STManager"="C:/Program Files/SpeedTouch/Dr SpeedTouch/drst.exe -b"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater]
@=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://65.54.162.250/cgi-bin/getmsg...effee01c6760f89ca92ef9f7d2fc5a4c88666a1812944


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HTTPFilter HTTPFilter\0\0
DcomLaunch DcomLaunch\0TermService\0\0
bthsvcs BthServ\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8dd6e55-0b89-11db-bc2e-00138f0b4803}]
Shell\AutoRun\command G:\InstallTomTomHOME.exe

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-15 23:00:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-15 23:00:21
C:\ComboFix-quarantined-files.txt ... 2007-05-15 23:00

 

[Mutaher]

Vundofix Log!

VundoFix V6.3.21

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 18:08:11 12/05/2007

Listing files found while scanning....

C:\WINDOWS\system32\balsisln.dll
C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\byxvtst.dll
C:\WINDOWS\system32\cpipoyna.dll
C:\WINDOWS\system32\dkomchwx.dll
C:\WINDOWS\system32\eniykaot.dll
C:\WINDOWS\system32\ffxtauqk.dll
C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\hggefgg.dll
C:\WINDOWS\system32\hyscgguo.dll
C:\WINDOWS\system32\jlqxfaoy.dll
C:\WINDOWS\system32\khfcbyy.dll
C:\WINDOWS\system32\kvringja.dll
C:\WINDOWS\system32\kvwyvlhm.dll
C:\WINDOWS\system32\mlcbtejb.dll
C:\WINDOWS\system32\ocyxdkgc.dll
C:\WINDOWS\system32\qrutv.ini
C:\WINDOWS\system32\tkotjgia.dll
C:\WINDOWS\system32\ubfqlusb.dll
C:\WINDOWS\system32\vturq.dll
C:\WINDOWS\system32\vturqqo.dll
C:\WINDOWS\system32\wkadomcx.dll
C:\WINDOWS\system32\xusicqpm.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\balsisln.dll
C:\WINDOWS\system32\balsisln.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\bcbeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxvtst.dll
C:\WINDOWS\system32\byxvtst.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cpipoyna.dll
C:\WINDOWS\system32\cpipoyna.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dkomchwx.dll
C:\WINDOWS\system32\dkomchwx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\eniykaot.dll
C:\WINDOWS\system32\eniykaot.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ffxtauqk.dll
C:\WINDOWS\system32\ffxtauqk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\gebcb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hggefgg.dll
C:\WINDOWS\system32\hggefgg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hyscgguo.dll
C:\WINDOWS\system32\hyscgguo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jlqxfaoy.dll
C:\WINDOWS\system32\jlqxfaoy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kvringja.dll
C:\WINDOWS\system32\kvringja.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kvwyvlhm.dll
C:\WINDOWS\system32\kvwyvlhm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlcbtejb.dll
C:\WINDOWS\system32\mlcbtejb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ocyxdkgc.dll
C:\WINDOWS\system32\ocyxdkgc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qrutv.ini
C:\WINDOWS\system32\qrutv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\tkotjgia.dll
C:\WINDOWS\system32\tkotjgia.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ubfqlusb.dll
C:\WINDOWS\system32\ubfqlusb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vturq.dll
C:\WINDOWS\system32\vturq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vturqqo.dll
C:\WINDOWS\system32\vturqqo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wkadomcx.dll
C:\WINDOWS\system32\wkadomcx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xusicqpm.dll
C:\WINDOWS\system32\xusicqpm.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.21

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 19:11:44 13/05/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.3.21

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 19:04:12 15/05/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.3.21

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 20:29:19 15/05/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.3.21

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 23:01:39 15/05/2007

Listing files found while scanning....

 

[Mutaher]

Hijac Log!

Logfile of HijackThis v1.99.1
Scan saved at 23:10:15, on 15/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Mama\Desktop\VundoFix.exe
C:\Program Files\SwiftSwitch\SwiftSwitch.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Mama\Desktop\hijackthis\HijackThis.exe

 

[Mutaher]

Second Bit Of Hijac Log!

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8054C3E5-0154-4BBD-A89B-C581F098BD86} - C:\WINDOWS\system32\qkjfqkhy.dll (file missing)
O2 - BHO: (no name) - {F83AAAC1-9398-4880-B8A9-3332193C8304} - C:\WINDOWS\system32\pmkji.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [STManager] C:/Program Files/SpeedTouch/Dr SpeedTouch/drst.exe -b
O4 - Startup: TomTom HOME.lnk = C:\Program Files\TomTom HOME\TomTomHOME.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mutaher-da-1-u-al-kno.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A81FE8CA-C0B2-456B-AB06-1E47192A6C63}: NameServer = 194.106.56.6 194.106.33.42
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB32513C-F2C0-4483-8845-1D513237B1E1}: NameServer = 212.50.160.28,194.106.33.42
O18 - Protocol: bw+0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw+0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw-0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw-0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw00 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw00s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw10 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw10s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw20 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw20s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw30 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw30s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw40 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw40s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw50 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw50s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw60 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw60s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw70 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw70s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw80 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw80s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw90 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw90s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwa0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwa0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwb0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwb0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwc0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwc0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwd0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwd0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwe0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwe0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwf0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwf0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwg0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwg0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwh0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwh0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwi0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwi0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwj0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwj0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwk0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwk0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwl0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwl0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwm0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwm0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwn0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwn0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwo0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwo0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwp0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwp0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwq0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwq0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwr0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwr0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bws0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bws0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwt0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwt0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwu0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwu0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwv0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwv0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bww0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bww0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwx0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwx0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwy0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwy0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwz0 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwz0s - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {BEB383EF-71E7-48FD-9668-E3F98ECEE5D4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe