
Solved: Internet Explorer Repeatedly Opening and crashing.

Discussion in 'Virus & Other Malware Removal' started by Wurg, Jul 8, 2007.

  1. Wurg

    Wurg Thread Starter

    Hey.

    Recently, my computer has begun acting up. Every minute or so, it attempts to open Internet Explorer and then tells me it needs to close, citing the add-on "googletoolbar2.dll" as the source of the problem.

    (error message reads:

    Internet Explorer has encountered a problem with an add-on and needs to close.

    The following add-on was running when this problem occured:

    File: googletoolbar2.dll
    Company Name: Google Inc
    Description: Google Toolbar for Internet Explorer

    After clicking continue on this message, it gives the general IE message about it having to close, and that I may lose any unsaved data etc.)

    It's actually done this every time anyone opened IE since it failed halfway through installing the Google version of IE7; however, as I don't use IE, this hasn't bothered me much until now.

    However, the constant opening of IE automatically can't be a good thing, so if you can kill two birds with one stone that'd be really great.

    I'm running a genuine copy of Windows XP Home Edition with SP2 installed.

    Here's my HijackThis log (it's rather long. I'm guessing that's not a good thing)

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 15:09:27, on 08/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Kontiki\KService.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Last.fm\LastFMHelper.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\DeskPins\DeskPins.exe
    C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
    C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\Last.fm\LastFM.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\WINDOWS\avp.exe
    C:\WINDOWS\mgrs.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
    C:\Documents and Settings\Peter\Desktop\HiJackThis_v2.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://bt.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {69318D5A-211B-4C99-B3D0-14F47948C36C} - C:\WINDOWS\system32\pmnnn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [smgr] mgrs.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe
    O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
    O16 - DPF: Yahoo! Chess - http://download2.games.yahoo.com/games/clients/y/ct5_x.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125228854375
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125228802546
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O18 - Protocol: bw+0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: pmnnn - C:\WINDOWS\system32\pmnnn.dll
    O20 - Winlogon Notify: vtutqpo - C:\WINDOWS\SYSTEM32\vtutqpo.dll
    O20 - Winlogon Notify: winmmt32 - C:\WINDOWS\SYSTEM32\winmmt32.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

    --
    End of file - 23013 bytes
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Download the Trial version of Superantispyware Pro (SAS):
    http://www.superantispyware.com/superantispyware.html?rid=3132


    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others unchecked.
    o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
    o After reboot, double-click the SUPERAntispyware icon on your desktop.
    o Click Preferences. Click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o It will open in your default text editor (such as Notepad/Wordpad).
    o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me with a new Hijack This log.
     
  3. Wurg

    Wurg Thread Starter

    Before you replied, I also ran Combofix, as this seemed to help a lot of other people with similar sounding problems, so I'll also include the log for this:

    "Peter" - 2007-07-08 19:20:04 - ComboFix 07-07-07.3 - Service Pack 2


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\pmnnn.dll
    C:\WINDOWS\system32\byxvtqn.dll
    C:\WINDOWS\system32\winmmt32.dll
    C:\WINDOWS\system32\nnnmp.bak1
    C:\WINDOWS\system32\nnnmp.ini
    C:\WINDOWS\system32\vtutqpo.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
    C:\WINDOWS\avp.exe
    C:\WINDOWS\mgrs.exe
    C:\WINDOWS\system32\pthreadVC.dll


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\nm


    ((((((((((((((((((((((((( Files Created from 2007-06-08 to 2007-07-08 )))))))))))))))))))))))))))))))


    2007-07-08 19:12 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-08 19:05 <DIR> d-------- C:\DOCUME~1\Peter\.housecall6.6
    2007-07-08 14:21 61,440 --a------ C:\WINDOWS\system32\NI_DFD_1_4.dll
    2007-07-08 14:21 393,216 --a------ C:\WINDOWS\system32\NI_IRC_1_1.dll
    2007-07-08 14:21 393,216 --a------ C:\WINDOWS\system32\NI_IRC_1_0_3.dll
    2007-07-08 14:21 <DIR> d-------- C:\Program Files\Finale GPO 2.0
    2007-07-08 14:20 <DIR> d-------- C:\Psfonts
    2007-07-08 14:13 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\MakeMusic
    2007-07-08 14:13 <DIR> d-------- C:\Program Files\SmartMusic 9
    2007-07-08 14:11 <DIR> d-------- C:\Program Files\Finale 2007
    2007-07-08 08:48 <DIR> d-------- C:\WINDOWS\Simpsons Jeopardy!
    2007-07-08 08:48 <DIR> d-------- C:\Program Files\Simpsons Jeopardy!
    2007-07-08 04:21 31,232 -rahs---- C:\WINDOWS\system32\msfDX.dll
    2007-07-08 04:21 163,328 -rahs---- C:\WINDOWS\system32\flvDX.dll
    2007-07-08 04:17 <DIR> d-------- C:\Program Files\eRightSoft
    2007-07-08 03:30 <DIR> d-------- C:\Program Files\Red Kawa
    2007-07-03 23:47 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
    2007-07-03 23:46 <DIR> d-------- C:\DOCUME~1\Peter\APPLIC~1\dvdcss
    2007-07-03 22:27 <DIR> d-------- C:\Program Files\TrackMania Nations ESWC
    2007-07-03 21:54 593,920 --a------ C:\WINDOWS\system32\xvidcore.dll
    2007-07-03 21:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2007-07-03 21:54 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2007-07-03 21:54 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
    2007-07-02 20:41 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2007-07-02 20:41 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-07-02 20:41 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2007-07-02 20:41 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2007-07-02 20:37 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
    2007-07-02 20:37 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
    2007-07-02 20:37 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
    2007-07-02 20:37 740,442 --a------ C:\WINDOWS\system32\DivX.dll
    2007-07-02 20:37 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
    2007-07-02 20:37 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
    2007-07-02 20:37 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
    2007-07-02 20:37 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
    2007-07-02 20:37 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
    2007-07-02 20:37 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
    2007-07-02 20:37 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
    2007-07-02 20:37 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
    2007-07-02 20:36 124,472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2007-07-02 20:36 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-07-01 20:53 <DIR> d-------- C:\Program Files\MAIET
    2007-07-01 19:58 <DIR> d-------- C:\Program Files\Plasma Pong
    2007-07-01 02:40 <DIR> d-------- C:\WINDOWS\system32\NtmsData
    2007-07-01 02:31 <DIR> d-------- C:\Program Files\Common Files\Apple
    2007-06-24 03:32 <DIR> d-------- C:\DOCUME~1\Peter\APPLIC~1\Azureus
    2007-06-24 03:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
    2007-06-21 01:06 67,312 --ah----- C:\WINDOWS\system32\mlfcache.dat
    2007-06-20 01:03 <DIR> d-------- C:\Program Files\ReflexiveArcade
    2007-06-18 20:58 <DIR> d-------- C:\DOCUME~1\Peter\APPLIC~1\Free Download Manager
    2007-06-18 20:57 <DIR> d-------- C:\Program Files\Free Download Manager
    2007-06-17 22:38 <DIR> d-------- C:\DOCUME~1\Stephen\APPLIC~1\MySpace
    2007-06-17 22:13 <DIR> d-------- C:\Program Files\MySpace
    2007-06-17 22:13 <DIR> d-------- C:\DOCUME~1\ANNA~1.BRO\APPLIC~1\MySpace
    2007-06-17 05:19 <DIR> d-------- C:\DOCUME~1\Peter\APPLIC~1\Sibelius Software
    2007-06-16 17:48 <DIR> d-------- C:\Program Files\Bonjour
    2007-06-16 17:47 <DIR> d-------- C:\Program Files\Safari
    2007-06-16 17:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    2007-06-10 23:14 <DIR> d-------- C:\Program Files\TLJ
    2007-06-08 18:59 <DIR> d-------- C:\Program Files\RareFind


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-08 15:13:20 -------- d-----w C:\Program Files\Opera
    2007-07-08 13:45:37 -------- d-----w C:\DOCUME~1\Peter\APPLIC~1\uTorrent
    2007-07-08 13:21:44 -------- d-----w C:\Program Files\Native Instruments
    2007-07-03 22:48:11 -------- d-----w C:\Program Files\DivX
    2007-07-02 19:41:10 36,624 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
    2007-07-02 19:41:10 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
    2007-07-02 19:41:10 116,472 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
    2007-07-02 00:34:17 286,720 ------w C:\WINDOWS\Setup1.exe
    2007-07-01 19:41:23 -------- d-----w C:\Program Files\LucasArts
    2007-07-01 19:39:19 -------- d-----w C:\Program Files\Songbird
    2007-07-01 19:38:09 -------- d-----w C:\Program Files\XEmacs
    2007-07-01 01:35:02 -------- d-----w C:\Program Files\iTunes
    2007-07-01 01:34:41 -------- d-----w C:\Program Files\iPod
    2007-06-28 23:10:08 -------- d-----w C:\Program Files\Trillian
    2007-06-28 21:42:46 -------- d-----w C:\Program Files\Last.fm
    2007-06-16 17:04:37 -------- d-----w C:\DOCUME~1\Peter\APPLIC~1\Apple Computer
    2007-06-16 16:47:17 -------- d-----w C:\Program Files\Apple Software Update
    2007-06-05 12:37:22 -------- d-----w C:\Program Files\City of Heroes
    2007-06-01 00:12:36 -------- d-----w C:\DOCUME~1\Peter\APPLIC~1\XnView
    2007-05-31 21:35:23 -------- d-----w C:\Program Files\Core Design
    2007-05-31 03:53:37 -------- d-----w C:\Program Files\DOSBox-0.70
    2007-05-26 04:49:37 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-05-25 17:53:07 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
    2007-05-25 17:53:07 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
    2007-05-25 17:53:07 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
    2007-05-23 15:13:25 -------- d-----w C:\DOCUME~1\Peter\APPLIC~1\Joost
    2007-05-23 14:22:51 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-05-23 14:16:00 -------- d-----w C:\Program Files\Eidos Interactive
    2007-05-22 12:09:18 -------- d-----w C:\Program Files\Sibelius Software
    2007-05-21 21:33:20 -------- d-----w C:\Program Files\Neuratron PhotoScore
    2007-05-21 21:30:34 -------- d-----w C:\Program Files\Finale 2002
    2007-05-21 21:29:48 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-05-17 16:30:48 318,976 ----a-w C:\WINDOWS\system32\avisynth.dll
    2007-05-14 14:24:30 394,240 ----a-w C:\WINDOWS\system32\Smab.dll
    2007-05-13 21:38:56 -------- d-----w C:\Program Files\DevStudio
    2007-04-24 17:11:02 176,252 ----a-w C:\WINDOWS\GalleryPlayer Images Uninstaller.exe
    2007-04-20 19:45:40 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2007-04-16 21:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 21:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 21:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 21:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 21:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 21:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 21:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 21:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-16 21:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
    2007-04-16 21:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
    2007-04-12 16:50:16 2,783,048 ----a-w C:\WINDOWS\system32\GPhotos.scr
    2004-08-03 23:56:54 60,416 --sha-w C:\WINDOWS\ServicePackFiles\i386\msimn.exe
    2006-10-23 01:14:02 5 --sha-w C:\WINDOWS\system32\cec3_s.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    2006-04-07 00:02 323904 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    2007-04-24 19:08 2403392 -ra------ c:\program files\google\googletoolbar2.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    2007-07-02 01:27 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C333CF63-767F-4831-94AC-E683D962C63C}]
    2006-05-10 00:13 65536 --a------ C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
    2006-08-20 19:55 81920 --a------ C:\Program Files\Free Download Manager\iefdmcks.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
    2005-02-22 13:50 368640 --a------ C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-22 08:33]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe]
    "4oD"="C:\Program Files\Kontiki\KHost.exe" [2006-11-08 18:32]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 19:31]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-24 18:04]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
    "MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [2005-06-24 15:24]
    "{FD2A7D3A-3DA1-4CA5-AD39-B4C3A72B567F}"="C:\WINDOWS\system32\vtutqpo.dll" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"="C:\PROGRA~1\COMMON~1\Stardock\MCPCore.dll" [2005-05-10 14:31]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
    C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 8.0 Tray Icon.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 8.0 Tray Icon.lnk
    backup=C:\WINDOWS\pss\AOL 8.0 Tray Icon.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
    backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NetHelp.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NetHelp.lnk
    backup=C:\WINDOWS\pss\NetHelp.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Peter^Start Menu^Programs^Startup^Rainlendar.lnk]
    path=C:\Documents and Settings\Peter\Start Menu\Programs\Startup\Rainlendar.lnk
    backup=C:\WINDOWS\pss\Rainlendar.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Peter^Start Menu^Programs^Startup^Shortcut to RKLauncher.exe.lnk]
    path=C:\Documents and Settings\Peter\Start Menu\Programs\Startup\Shortcut to RKLauncher.exe.lnk
    backup=C:\WINDOWS\pss\Shortcut to RKLauncher.exe.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Peter^Start Menu^Programs^Startup^Shortcut to YzShadow.exe.lnk]
    path=C:\Documents and Settings\Peter\Start Menu\Programs\Startup\Shortcut to YzShadow.exe.lnk
    backup=C:\WINDOWS\pss\Shortcut to YzShadow.exe.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1A:Stardock TrayMonitor]
    "C:\Program Files\Common Files\stardock\TrayServer.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
    C:\WINDOWS\avp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]
    C:\Program Files\CursorXP\CursorXP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX3800 Series]
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
    "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
    C:\Program Files\Kontiki\KHost.exe -all

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    %systemroot%\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
    "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mcafee Antivirus Monitoring System8]
    VSStatmn8.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
    c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ms ownage]
    winPE.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mschkdsk.exe]
    C:\WINDOWS\system32\mschkdsk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\MSMSGS.EXE" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RunDLL32.exe NvMCTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
    C:\Program Files\McAfee.com\VSO\oasclnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OemReset]
    %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Openwares LiveUpdate]
    C:\Program Files\LiveUpdate\LiveUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Red Swoosh]
    C:\Program Files\RSSoft\RedSwoosh.exe /S

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
    C:\WINDOWS\SiSUSBrg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]
    mgrs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
    "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
    "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowFX]
    C:\Program Files\Stardock\Object Desktop\WindowFX\\wfxload.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinRoll]
    C:\Program Files\WinRoll\winroll.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
    "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
    C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yz Shadow]
    -

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "YPCService"=3 (0x3)
    "WANMiniportService"=2 (0x2)
    "IDriverT"=3 (0x3)
    "SandraTheSrv"=3 (0x3)
    "SandraDataSrv"=3 (0x3)
    "ose"=3 (0x3)
    "KodakCCS"=2 (0x2)
    "Cdrclie"=3 (0x3)
    "maya65docserver"=2 (0x2)
    "usnjsvc"=3 (0x3)
    "MDM"=2 (0x2)
    "Adobe LM Service"=3 (0x3)
    "KService"=2 (0x2)


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14d4b602-af87-11da-ac64-0090d0cd0e95}]
    AutoRun\command- F:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0c39456-c03c-11da-ac7e-0090d0cd0e95}]
    AutoRun\command- F:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe


    Contents of the 'Scheduled Tasks' folder
    2007-06-16 16:47:30 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-08 22:37:22
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\maya65docserver]
    "ImagePath"="\"C:\Program Files\Alias\Maya6.5\docs\wrapper.exe\" -s \"C:\Program Files\Alias\Maya6.5\docs\Wrapper.conf\""

    Completion time: 2007-07-08 22:42:39 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-08 22:42

    --- E O F ---
     
  4. Wurg

    SUPERAntiSpyware Log

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/09/2007 at 05:14 AM

    Application Version : 3.9.1008

    Core Rules Database Version : 3266
    Trace Rules Database Version: 1277

    Scan type : Complete Scan
    Total Scan Time : 06:19:34

    Memory items scanned : 454
    Memory threats detected : 0
    Registry items scanned : 6947
    Registry threats detected : 0
    File items scanned : 365949
    File threats detected : 399

    Adware.Tracking Cookie
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][3].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][4].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][1].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Anna.BROHANLANDING\Cookies\[email protected][2].txt
    C:\Documents and Settings\Maia\Cookies\[email protected][2].txt
    C:\Documents and Settings\Maia\Cookies\[email protected][1].txt
    C:\Documents and Settings\Maia\Cookies\[email protected][2].txt
    C:\Documents and Settings\Maia\Cookies\[email protected][2].txt
    C:\Documents and Settings\Maia\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\LocalService\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Peter\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Peter\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Peter\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Peter\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Peter\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Peter\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Peter\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Peter\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Stephen\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Stephen\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Stephen\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Stephen\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Stephen\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Stephen\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Stephen\Cookies\[email protected][2].txt

    Adware.ClickAlchemy
    C:\MY OLD DISK STRUCTURE -- 04-12-30 0946AM\DOCUMENTS AND SETTINGS\ANNA\LOCAL SETTINGS\TEMP\ALCHEM.EXE

    Adware.Lop
    C:\MY OLD DISK STRUCTURE -- 04-12-30 0946AM\DOCUMENTS AND SETTINGS\ANNA\LOCAL SETTINGS\TEMP\BISD.EXE
    C:\MY OLD DISK STRUCTURE -- 04-12-30 0946AM\DOCUMENTS AND SETTINGS\PETER\APPLICATION DATA\COOL MEMO DOWNLOAD\ANTE KIND ABOUT.EXE
    C:\MY OLD DISK STRUCTURE -- 04-12-30 0946AM\DOCUMENTS AND SETTINGS\PETER\APPLICATION DATA\COOL MEMO DOWNLOAD\KEEP LOG REF GLOBAL.EXE
    C:\MY OLD DISK STRUCTURE -- 04-12-30 0946AM\DOCUMENTS AND SETTINGS\PETER\APPLICATION DATA\COOL MEMO DOWNLOAD\SKIP GRIM THE.EXE
    C:\MY OLD DISK STRUCTURE -- 04-12-30 0946AM\DOCUMENTS AND SETTINGS\PETER\APPLICATION DATA\TRAY PROC\DEFY KNOB.EXE
    C:\MY OLD DISK STRUCTURE -- 04-12-30 0946AM\DOCUMENTS AND SETTINGS\PETER\LOCAL SETTINGS\TEMP\31F6945B.EXE
    C:\MY OLD DISK STRUCTURE -- 04-12-30 0946AM\DOCUMENTS AND SETTINGS\PETER\LOCAL SETTINGS\TEMP\4C8079.EXE
    C:\MY OLD DISK STRUCTURE -- 04-12-30 0946AM\DOCUMENTS AND SETTINGS\PETER\LOCAL SETTINGS\TEMP\JTORPFMA.EXE
    C:\MY OLD DISK STRUCTURE -- 04-12-30 0946AM\DOCUMENTS AND SETTINGS\PETER\LOCAL SETTINGS\TEMP\QQUCUNRV.EXE
    C:\MY OLD DISK STRUCTURE -- 04-12-30 0946AM\DOCUMENTS AND SETTINGS\PETER\LOCAL SETTINGS\TEMP\STA1F.EXE
    C:\MY OLD DISK STRUCTURE -- 04-12-30 0946AM\DOCUMENTS AND SETTINGS\PETER\LOCAL SETTINGS\TEMP\STA2C.EXE
    C:\MY OLD DISK STRUCTURE -- 04-12-30 0946AM\DOCUMENTS AND SETTINGS\PETER\LOCAL SETTINGS\TEMP\STA3.EXE

    Unclassified.Unknown Origin
    C:\MY OLD DISK STRUCTURE -- 04-12-30 0946AM\DOCUMENTS AND SETTINGS\ANNA\LOCAL SETTINGS\TEMP\DEL2.TMP

    Adware.Avenue Media/Web Rebates (TopRebates)
    C:\MY OLD DISK STRUCTURE -- 04-12-30 0946AM\DOCUMENTS AND SETTINGS\PETER\LOCAL SETTINGS\TEMP\DJTOPR1150.EXE
    C:\MY OLD DISK STRUCTURE -- 05-08-20 0600PM\DOCUMENTS AND SETTINGS\PETER\LOCAL SETTINGS\TEMP\WEBREBATES.EXE

    -- continued in next post
     
  5. Wurg

    Wurg Thread Starter

    Joined:
    Jul 8, 2007
    Messages:
    12
    Trojan.Downloader-JKill
    C:\MY OLD DISK STRUCTURE -- 04-12-30 0946AM\DOCUMENTS AND SETTINGS\PETER\LOCAL SETTINGS\TEMP\JKILL.EXE

    Adware.180solutions/Search Assistant
    C:\MY OLD DISK STRUCTURE -- 04-12-30 0946AM\DOCUMENTS AND SETTINGS\PETER\LOCAL SETTINGS\TEMP\NCMYB.DLL
    C:\MY OLD DISK STRUCTURE -- 05-08-20 0600PM\DOCUMENTS AND SETTINGS\PETER\LOCAL SETTINGS\TEMP\DEL1.TMP
    C:\MY OLD DISK STRUCTURE -- 05-08-20 0600PM\DOCUMENTS AND SETTINGS\PETER\LOCAL SETTINGS\TEMP\DEL9.TMP
    C:\MY OLD DISK STRUCTURE -- 05-08-20 0600PM\DOCUMENTS AND SETTINGS\PETER\LOCAL SETTINGS\TEMP\DELB.TMP

    Adware.Avenue Media
    C:\MY OLD DISK STRUCTURE -- 05-08-20 0600PM\DOCUMENTS AND SETTINGS\PETER\LOCAL SETTINGS\TEMP\CLN2.TMP

    TargetSaver, Inc. Process

    C:\MY OLD DISK STRUCTURE -- 05-08-20 0600PM\DOCUMENTS AND SETTINGS\PETER\LOCAL SETTINGS\TEMP\GLFAGLFA.EXE
    C:\MY OLD DISK STRUCTURE -- 05-08-20 0600PM\DOCUMENTS AND SETTINGS\PETER\LOCAL SETTINGS\TEMP\TSINSTALL_4_0_3_8_B17.EXE

    Adware.IST/SideFind
    C:\MY OLD DISK STRUCTURE -- 05-08-20 0600PM\DOCUMENTS AND SETTINGS\STEPHEN\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\SPEBSDI7\SFEXD001[1].HTM

    Adware.ClickSpring/Yazzle
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1162OINUNINSTALLER.EXE.VIR

    Trojan.Downloader-Gen/AVP
    C:\QOOBOX\QUARANTINE\C\WINDOWS\AVP.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP673\A0344227.EXE

    Trojan.Downloader-UDL2
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP670\A0344155.EXE

    Trojan.Downloader-Gen/HitItQuitIt
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP673\A0344230.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP673\A0344233.DLL

    Trace.Known Threat Sources
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Anna\Local Settings\Temporary Internet Files\Content.IE5\Z1QIGVQ9\dollsnowinstall[1].aspx
    C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Anna\Local Settings\Temporary Internet Files\Content.IE5\QXSB6POX\12[1].gif

    New HijackThis Log

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 08:54:23, on 09/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Last.fm\LastFMHelper.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\DeskPins\DeskPins.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Grisoft\AVG Free\avgcc.exe
    C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Peter\Desktop\HiJackThis_v2.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://bt.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe
    O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
    O16 - DPF: Yahoo! Chess - http://download2.games.yahoo.com/games/clients/y/ct5_x.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125228854375
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125228802546
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O18 - Protocol: bw+0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

    --
    End of file - 22790 bytes
     
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Uninstall Logitech Desktop Messenger from Add/Remove Programs

    Please download VundoFix.exe to your desktop.



    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
     
  7. Wurg

    Done, though VundoFix said it didn't find anything

    (note: IE has stopped opening itself, however it still won't actually work)

    Vundofix Log:


    VundoFix V6.5.4

    Checking Java version...

    Java version is 1.5.0.4
    Old versions of java are exploitable and should be removed.

    Scan started at 02:23:45 10/07/2007

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...

    New Hijackthis Log:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 02:39:10, on 10/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Last.fm\LastFMHelper.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\DeskPins\DeskPins.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Grisoft\AVG Free\avgcc.exe
    C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
    C:\Documents and Settings\Peter\Desktop\HiJackThis_v2.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://bt.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe
    O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
    O16 - DPF: Yahoo! Chess - http://download2.games.yahoo.com/games/clients/y/ct5_x.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125228854375
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125228802546
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

    --
    End of file - 10758 bytes
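
Added example, not part of the original posts or of HijackThis: a Python sketch that parses HijackThis entry lines, lists the entries that disappeared between the earlier log (22790 bytes) and the one above (the Logitech Desktop Messenger O18 protocol handlers), and flags the entries HijackThis itself marks with "(no file)", "(file missing)", "Unknown owner" or an unresolved ".lnk = ?" target. The sample lines are excerpts copied from the two logs in this thread; the function names are assumptions of this example, and a flag means "look at this entry by hand", not a verdict.

```python
import re
from collections import Counter
from typing import NamedTuple

# Excerpt of the tail (O18-O23) of the earlier log in this thread.
BEFORE = r"""
O18 - Protocol: bw-0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
"""

# Excerpt of the log posted after uninstalling Logitech Desktop Messenger.
AFTER = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
"""

# An entry line is "<section id> - <rest>", e.g. "O18 - Protocol: ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

# Markers HijackThis prints on entries whose target it could not resolve.
MARKERS = (
    (re.compile(r"\(no file\)$"), "no file"),
    (re.compile(r"\(file missing\)$"), "file missing"),
    (re.compile(r" - Unknown owner - "), "unknown owner"),
    (re.compile(r"\.lnk = \?$"), "unresolved shortcut target"),
)


class Entry(NamedTuple):
    section: str  # e.g. "O18"
    body: str     # everything after "O18 - "


def parse_entries(log_text):
    """Return the R*/O* entries of a HijackThis log, in file order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def removed_entries(before, after):
    """Entries present in the earlier log but absent from the later one."""
    still_present = set(after)
    return [entry for entry in before if entry not in still_present]


def count_by_file(entries):
    """Count entries per target file name (last ' - ' field, basename only)."""
    names = (e.body.rsplit(" - ", 1)[-1].rsplit("\\", 1)[-1] for e in entries)
    return dict(Counter(names))


def flag_orphans(entries):
    """Return (section, reason) for entries carrying one of the markers."""
    flagged = []
    for entry in entries:
        for pattern, reason in MARKERS:
            if pattern.search(entry.body):
                flagged.append((entry.section, reason))
                break
    return flagged


if __name__ == "__main__":
    before, after = parse_entries(BEFORE), parse_entries(AFTER)
    gone = removed_entries(before, after)
    print("Entries removed between logs:", len(gone))
    for name, count in count_by_file(gone).items():
        print(f"  {count} x {name}")
    print("Entries to inspect by hand in the later log:")
    for section, reason in flag_orphans(after):
        print(f"  {section}: {reason}")
```
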
     
  8. Cheeseball81

    1. Please download The Avenger by Swandog46 to your Desktop.
    • Click on Avenger.zip to open the file
    • Extract avenger.exe to your desktop

    2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    3. Now, start The Avenger program by clicking on its icon on your desktop.
    • Under "Script file to execute" choose "Input Script Manually".
    • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    • Click Done
    • Now click on the Green Light to begin execution of the script
    • Answer "Yes" twice when prompted.
    4. The Avenger will automatically do the following:
    • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    • On reboot, it will briefly open a black command window on your desktop, this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
    5. Please copy/paste the content of c:\avenger.txt into your reply.
     
  9. Wurg

    When the command window opened up it told me that my Windows CD was not in my drive. As it wasn't I put the disc that came with my computer (which is basically a Windows CD) in the drive. It refused to find this either, so, after pressing continue lots of times, it went away and put the log up.

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\bajjessa

    *******************

    Script file located at: \??\C:\WINDOWS\system32\qlokgips.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:



    File C:\WINDOWS\system32\pmnnn.dll not found!
    Deletion of file C:\WINDOWS\system32\pmnnn.dll failed!

    Could not process line:
    C:\WINDOWS\system32\pmnnn.dll
    Status: 0xc0000034



    File C:\WINDOWS\system32\byxvtqn.dll not found!
    Deletion of file C:\WINDOWS\system32\byxvtqn.dll failed!

    Could not process line:
    C:\WINDOWS\system32\byxvtqn.dll
    Status: 0xc0000034



    File C:\WINDOWS\system32\winmmt32.dll not found!
    Deletion of file C:\WINDOWS\system32\winmmt32.dll failed!

    Could not process line:
    C:\WINDOWS\system32\winmmt32.dll
    Status: 0xc0000034



    File C:\WINDOWS\system32\nnnmp.bak1 not found!
    Deletion of file C:\WINDOWS\system32\nnnmp.bak1 failed!

    Could not process line:
    C:\WINDOWS\system32\nnnmp.bak1
    Status: 0xc0000034



    File C:\WINDOWS\system32\nnnmp.ini not found!
    Deletion of file C:\WINDOWS\system32\nnnmp.ini failed!

    Could not process line:
    C:\WINDOWS\system32\nnnmp.ini
    Status: 0xc0000034



    File C:\WINDOWS\system32\vtutqpo.dll not found!
    Deletion of file C:\WINDOWS\system32\vtutqpo.dll failed!

    Could not process line:
    C:\WINDOWS\system32\vtutqpo.dll
    Status: 0xc0000034


    Completed script processing.

    *******************

    Finished! Terminate.
     
  10. Cheeseball81

    Now post a new Hijack This log please.
     
  11. Wurg

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 23:38:35, on 10/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Last.fm\LastFMHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\DeskPins\DeskPins.exe
    C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
    C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Documents and Settings\Peter\Desktop\HiJackThis_v2.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://bt.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe
    O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
    O16 - DPF: Yahoo! Chess - http://download2.games.yahoo.com/games/clients/y/ct5_x.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125228854375
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125228802546
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

    --
    End of file - 10870 bytes
     
  12. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    How are things now?
     
  13. Wurg

    Wurg Thread Starter

    Joined:
    Jul 8, 2007
    Messages:
    12
    They're good, apart from IE still won't open. It still tells me that Google Toolbar has crashed it.
     
  14. Wurg

    Wurg Thread Starter

    Joined:
    Jul 8, 2007
    Messages:
    12
    Never mind. I fixed that by disabling the addon.

    Everything works now. Thanks.
     
  15. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    You're welcome.
     

Short URL to this thread: https://techguy.org/593203
