
Solved: Internet Explorer Repeatedly Opening and crashing.

#1 ·
Hey.

Recently, my computer has begun acting up. Every minute or so, it attempts to open Internet Explorer and then tells me it needs to close, citing the add-on "googletoolbar2.dll" as the source of the problem.

(error message reads:

Internet Explorer has encountered a problem with an add-on and needs to close.

The following add-on was running when this problem occured:

File: googletoolbar2.dll
Company Name: Google Inc
Description: Google Toolbar for Internet Explorer

After clicking continue on this message, it gives the general IE message about it having to close, and that I may lose any unsaved data etc.)

It's actually done this every time anyone opened IE since it failed halfway through installing the Google version of IE7; however, as I don't use IE, this hasn't bothered me much until now.

However, the constant opening of IE automatically can't be a good thing, so if you can kill two birds with one stone that'd be really great.

I'm running a genuine copy of Windows XP Home Edition with SP2 installed.

Here's my HijackThis log (it's rather long. I'm guessing that's not a good thing)

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:09:27, on 08/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\DeskPins\DeskPins.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Last.fm\LastFM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\avp.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\Documents and Settings\Peter\Desktop\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://bt.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {69318D5A-211B-4C99-B3D0-14F47948C36C} - C:\WINDOWS\system32\pmnnn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: Yahoo! Chess - http://download2.games.yahoo.com/games/clients/y/ct5_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125228854375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125228802546
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O18 - Protocol: bw+0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: pmnnn - C:\WINDOWS\system32\pmnnn.dll
O20 - Winlogon Notify: vtutqpo - C:\WINDOWS\SYSTEM32\vtutqpo.dll
O20 - Winlogon Notify: winmmt32 - C:\WINDOWS\SYSTEM32\winmmt32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 23013 bytes
 
#2 ·
Download the Trial version of Superantispyware Pro (SAS):
http://www.superantispyware.com/superantispyware.html?rid=3132

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.
· Please paste that information here for me with a new Hijack This log.
 
#3 ·
Before you replied, I also ran Combofix, as this seemed to help a lot of other people with similar sounding problems, so I'll also include the log for this:

"Peter" - 2007-07-08 19:20:04 - ComboFix 07-07-07.3 - Service Pack 2

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\pmnnn.dll
C:\WINDOWS\system32\byxvtqn.dll
C:\WINDOWS\system32\winmmt32.dll
C:\WINDOWS\system32\nnnmp.bak1
C:\WINDOWS\system32\nnnmp.ini
C:\WINDOWS\system32\vtutqpo.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\system32\pthreadVC.dll

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\nm

((((((((((((((((((((((((( Files Created from 2007-06-08 to 2007-07-08 )))))))))))))))))))))))))))))))

2007-07-08 19:12 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-08 19:05 d-------- C:\DOCUME~1\Peter\.housecall6.6
2007-07-08 14:21 61,440 --a------ C:\WINDOWS\system32\NI_DFD_1_4.dll
2007-07-08 14:21 393,216 --a------ C:\WINDOWS\system32\NI_IRC_1_1.dll
2007-07-08 14:21 393,216 --a------ C:\WINDOWS\system32\NI_IRC_1_0_3.dll
2007-07-08 14:21 d-------- C:\Program Files\Finale GPO 2.0
2007-07-08 14:20 d-------- C:\Psfonts
2007-07-08 14:13 d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\MakeMusic
2007-07-08 14:13 d-------- C:\Program Files\SmartMusic 9
2007-07-08 14:11 d-------- C:\Program Files\Finale 2007
2007-07-08 08:48 d-------- C:\WINDOWS\Simpsons Jeopardy!
2007-07-08 08:48 d-------- C:\Program Files\Simpsons Jeopardy!
2007-07-08 04:21 31,232 -rahs---- C:\WINDOWS\system32\msfDX.dll
2007-07-08 04:21 163,328 -rahs---- C:\WINDOWS\system32\flvDX.dll
2007-07-08 04:17 d-------- C:\Program Files\eRightSoft
2007-07-08 03:30 d-------- C:\Program Files\Red Kawa
2007-07-03 23:47 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-07-03 23:46 d-------- C:\DOCUME~1\Peter\APPLIC~1\dvdcss
2007-07-03 22:27 d-------- C:\Program Files\TrackMania Nations ESWC
2007-07-03 21:54 593,920 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-07-03 21:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-07-03 21:54 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-07-03 21:54 d-------- C:\Program Files\K-Lite Codec Pack
2007-07-02 20:41 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-02 20:41 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-02 20:41 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-02 20:41 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-02 20:37 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-02 20:37 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-02 20:37 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-02 20:37 740,442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-02 20:37 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-02 20:37 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-02 20:37 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-02 20:37 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-02 20:37 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-02 20:37 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-02 20:37 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-02 20:37 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-02 20:36 124,472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-07-02 20:36 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-01 20:53 d-------- C:\Program Files\MAIET
2007-07-01 19:58 d-------- C:\Program Files\Plasma Pong
2007-07-01 02:40 d-------- C:\WINDOWS\system32\NtmsData
2007-07-01 02:31 d-------- C:\Program Files\Common Files\Apple
2007-06-24 03:32 d-------- C:\DOCUME~1\Peter\APPLIC~1\Azureus
2007-06-24 03:32 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-06-21 01:06 67,312 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-06-20 01:03 d-------- C:\Program Files\ReflexiveArcade
2007-06-18 20:58 d-------- C:\DOCUME~1\Peter\APPLIC~1\Free Download Manager
2007-06-18 20:57 d-------- C:\Program Files\Free Download Manager
2007-06-17 22:38 d-------- C:\DOCUME~1\Stephen\APPLIC~1\MySpace
2007-06-17 22:13 d-------- C:\Program Files\MySpace
2007-06-17 22:13 d-------- C:\DOCUME~1\ANNA~1.BRO\APPLIC~1\MySpace
2007-06-17 05:19 d-------- C:\DOCUME~1\Peter\APPLIC~1\Sibelius Software
2007-06-16 17:48 d-------- C:\Program Files\Bonjour
2007-06-16 17:47 d-------- C:\Program Files\Safari
2007-06-16 17:47 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-06-10 23:14 d-------- C:\Program Files\TLJ
2007-06-08 18:59 d-------- C:\Program Files\RareFind

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-08 15:13:20 -------- d-----w C:\Program Files\Opera
2007-07-08 13:45:37 -------- d-----w C:\DOCUME~1\Peter\APPLIC~1\uTorrent
2007-07-08 13:21:44 -------- d-----w C:\Program Files\Native Instruments
2007-07-03 22:48:11 -------- d-----w C:\Program Files\DivX
2007-07-02 19:41:10 36,624 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-07-02 19:41:10 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-07-02 19:41:10 116,472 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-07-02 00:34:17 286,720 ------w C:\WINDOWS\Setup1.exe
2007-07-01 19:41:23 -------- d-----w C:\Program Files\LucasArts
2007-07-01 19:39:19 -------- d-----w C:\Program Files\Songbird
2007-07-01 19:38:09 -------- d-----w C:\Program Files\XEmacs
2007-07-01 01:35:02 -------- d-----w C:\Program Files\iTunes
2007-07-01 01:34:41 -------- d-----w C:\Program Files\iPod
2007-06-28 23:10:08 -------- d-----w C:\Program Files\Trillian
2007-06-28 21:42:46 -------- d-----w C:\Program Files\Last.fm
2007-06-16 17:04:37 -------- d-----w C:\DOCUME~1\Peter\APPLIC~1\Apple Computer
2007-06-16 16:47:17 -------- d-----w C:\Program Files\Apple Software Update
2007-06-05 12:37:22 -------- d-----w C:\Program Files\City of Heroes
2007-06-01 00:12:36 -------- d-----w C:\DOCUME~1\Peter\APPLIC~1\XnView
2007-05-31 21:35:23 -------- d-----w C:\Program Files\Core Design
2007-05-31 03:53:37 -------- d-----w C:\Program Files\DOSBox-0.70
2007-05-26 04:49:37 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-05-25 17:53:07 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2007-05-25 17:53:07 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2007-05-25 17:53:07 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2007-05-23 15:13:25 -------- d-----w C:\DOCUME~1\Peter\APPLIC~1\Joost
2007-05-23 14:22:51 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-23 14:16:00 -------- d-----w C:\Program Files\Eidos Interactive
2007-05-22 12:09:18 -------- d-----w C:\Program Files\Sibelius Software
2007-05-21 21:33:20 -------- d-----w C:\Program Files\Neuratron PhotoScore
2007-05-21 21:30:34 -------- d-----w C:\Program Files\Finale 2002
2007-05-21 21:29:48 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-05-17 16:30:48 318,976 ----a-w C:\WINDOWS\system32\avisynth.dll
2007-05-14 14:24:30 394,240 ----a-w C:\WINDOWS\system32\Smab.dll
2007-05-13 21:38:56 -------- d-----w C:\Program Files\DevStudio
2007-04-24 17:11:02 176,252 ----a-w C:\WINDOWS\GalleryPlayer Images Uninstaller.exe
2007-04-20 19:45:40 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-04-16 21:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 21:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 21:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 21:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 21:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 21:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 21:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 21:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 21:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 21:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-12 16:50:16 2,783,048 ----a-w C:\WINDOWS\system32\GPhotos.scr
2004-08-03 23:56:54 60,416 --sha-w C:\WINDOWS\ServicePackFiles\i386\msimn.exe
2006-10-23 01:14:02 5 --sha-w C:\WINDOWS\system32\cec3_s.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-04-07 00:02 323904 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-04-24 19:08 2403392 -ra------ c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2007-07-02 01:27 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C333CF63-767F-4831-94AC-E683D962C63C}]
2006-05-10 00:13 65536 --a------ C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
2006-08-20 19:55 81920 --a------ C:\Program Files\Free Download Manager\iefdmcks.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
2005-02-22 13:50 368640 --a------ C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-22 08:33]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2006-11-08 18:32]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 19:31]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-24 18:04]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [2005-06-24 15:24]
"{FD2A7D3A-3DA1-4CA5-AD39-B4C3A72B567F}"="C:\WINDOWS\system32\vtutqpo.dll" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"="C:\PROGRA~1\COMMON~1\Stardock\MCPCore.dll" [2005-05-10 14:31]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 8.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 8.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\AOL 8.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NetHelp.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NetHelp.lnk
backup=C:\WINDOWS\pss\NetHelp.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Peter^Start Menu^Programs^Startup^Rainlendar.lnk]
path=C:\Documents and Settings\Peter\Start Menu\Programs\Startup\Rainlendar.lnk
backup=C:\WINDOWS\pss\Rainlendar.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Peter^Start Menu^Programs^Startup^Shortcut to RKLauncher.exe.lnk]
path=C:\Documents and Settings\Peter\Start Menu\Programs\Startup\Shortcut to RKLauncher.exe.lnk
backup=C:\WINDOWS\pss\Shortcut to RKLauncher.exe.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Peter^Start Menu^Programs^Startup^Shortcut to YzShadow.exe.lnk]
path=C:\Documents and Settings\Peter\Start Menu\Programs\Startup\Shortcut to YzShadow.exe.lnk
backup=C:\WINDOWS\pss\Shortcut to YzShadow.exe.lnkStartup
????

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1A:Stardock TrayMonitor]
"C:\Program Files\Common Files\stardock\TrayServer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
C:\WINDOWS\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]
C:\Program Files\CursorXP\CursorXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX3800 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
"C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
C:\Program Files\Kontiki\KHost.exe -all

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
"C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mcafee Antivirus Monitoring System8]
VSStatmn8.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ms ownage]
winPE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mschkdsk.exe]
C:\WINDOWS\system32\mschkdsk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\MSMSGS.EXE" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RunDLL32.exe NvMCTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OemReset]
%systemroot%\OPTIONS\OEMRESET.EXE /AUDIT

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Openwares LiveUpdate]
C:\Program Files\LiveUpdate\LiveUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Red Swoosh]
C:\Program Files\RSSoft\RedSwoosh.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
C:\WINDOWS\SiSUSBrg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]
mgrs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowFX]
C:\Program Files\Stardock\Object Desktop\WindowFX\\wfxload.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinRoll]
C:\Program Files\WinRoll\winroll.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
"c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yz Shadow]
-

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YPCService"=3 (0x3)
"WANMiniportService"=2 (0x2)
"IDriverT"=3 (0x3)
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"ose"=3 (0x3)
"KodakCCS"=2 (0x2)
"Cdrclie"=3 (0x3)
"maya65docserver"=2 (0x2)
"usnjsvc"=3 (0x3)
"MDM"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"KService"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14d4b602-af87-11da-ac64-0090d0cd0e95}]
AutoRun\command- F:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0c39456-c03c-11da-ac7e-0090d0cd0e95}]
AutoRun\command- F:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

Contents of the 'Scheduled Tasks' folder
2007-06-16 16:47:30 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-08 22:37:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\maya65docserver]
"ImagePath"="\"C:\Program Files\Alias\Maya6.5\docs\wrapper.exe\" -s \"C:\Program Files\Alias\Maya6.5\docs\Wrapper.conf\""

Completion time: 2007-07-08 22:42:39 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-08 22:42

--- E O F ---
 
#4 ·
SUPERAntiSpyware Log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/09/2007 at 05:14 AM

Application Version : 3.9.1008

Core Rules Database Version : 3266
Trace Rules Database Version: 1277

Scan type : Complete Scan
Total Scan Time : 06:19:34

Memory items scanned : 454
Memory threats detected : 0
Registry items scanned : 6947
Registry threats detected : 0
File items scanned : 365949
File threats detected : 399

Adware.Tracking Cookie
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@eas.apm.emediate[2].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@edge.ru4[1].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@ehg-dig.hitbox[1].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@ehg-veohnetworksinc.hitbox[2].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@ehg-youtube.hitbox[2].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@ehg.hitbox[2].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@faliaga.sitetracker[2].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@fastclick[2].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@hc2.humanclick[1].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@hc2.humanclick[2].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@hg1.hitbox[2].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@hitbox[2].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@imrworldwide[2].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@indexstats[2].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@interclick[2].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@kanoodle[1].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@keywordmax[1].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@mediaplex[1].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@metacafe.122.2o7[2].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@msnportal.112.2o7[1].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@nextag[2].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@omniturechannel.112.2o7[1].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@onetruemedia[1].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@overture[1].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@perf.overture[1].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@phg.hitbox[1].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@questionmarket[1].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@realmedia[2].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@revenue[2].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@revsci[1].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@saletrack.co[1].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@server.cpmstar[2].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@server.iad.liveperson[1].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@serving-sys[2].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@specificclick[2].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@statcounter[1].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@stats.channel4[1].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@statse.webtrendslive[1].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@stpetersburgtimes.122.2o7[2].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@tacoda[1].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@tracker.netklix[1].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@tracking.webdiversity.co[1].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@tradedoubler[1].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@trafficmp[1].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@tribalfusion[1].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@tripod[1].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@valueclick[1].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@videoegg.adbureau[1].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@weborama[2].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@www.burstbeacon[2].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@www.burstnet[1].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@www.etracker[1].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@www.virginmedia[2].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@xiti[1].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@zbox.zanox[2].txt
C:\Documents and Settings\Anna.BROHANLANDING\Cookies\anna@zedo[2].txt
C:\Documents and Settings\Maia\Cookies\maia@2o7[2].txt
C:\Documents and Settings\Maia\Cookies\maia@atdmt[1].txt
C:\Documents and Settings\Maia\Cookies\maia@doubleclick[2].txt
C:\Documents and Settings\Maia\Cookies\maia@serving-sys[2].txt
C:\Documents and Settings\Maia\Cookies\maia@tradedoubler[2].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\LocalService\Cookies\system@xxxtoolbar[1].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\maia@adopt.euroclick[1].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\maia@ads.digitalpoint[1].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\maia@ads.searchextreme[2].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\maia@ads.tripod.lycos.co[2].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\maia@adtech[1].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\maia@advertising[1].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\maia@apmebf[2].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\maia@atdmt[2].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\maia@bs.serving-sys[1].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\maia@burstnet[2].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\maia@casalemedia[2].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\maia@cs.sexcounter[2].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\maia@discount.inadult[2].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\maia@doubleclick[2].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\maia@ehg-eline.hitbox[1].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\maia@ehg-pharmacia.hitbox[1].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\maia@fastclick[1].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\maia@fortunecity[2].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\maia@hg1.hitbox[2].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\maia@hitbox[2].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\maia@hurricanedigitalmedia[2].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\maia@hypertracker[2].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\maia@maxserving[1].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\maia@mediaplex[1].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\maia@qksrv[2].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\maia@servedby.advertising[2].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\maia@server.iad.liveperson[1].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\maia@serving-sys[1].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\maia@statse.webtrendslive[2].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\maia@www.dgm2[1].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\maia@www.xxxgateways[1].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Maia\Cookies\maia@zedo[2].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Peter\Cookies\peter@advertising[1].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Peter\Cookies\peter@atdmt[2].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Peter\Cookies\peter@bluestreak[2].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Peter\Cookies\peter@doubleclick[2].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Peter\Cookies\peter@etype.adbureau[1].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Peter\Cookies\peter@fastclick[2].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Peter\Cookies\peter@mediaplex[1].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Peter\Cookies\peter@servedby.advertising[1].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Stephen\Cookies\stephen@advertising[1].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Stephen\Cookies\stephen@atdmt[2].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Stephen\Cookies\stephen@doubleclick[2].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Stephen\Cookies\stephen@realmedia[1].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Stephen\Cookies\stephen@revenue[1].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Stephen\Cookies\stephen@servedby.advertising[2].txt
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Stephen\Cookies\stephen@xxxtoolbar[2].txt

Adware.ClickAlchemy
C:\MY OLD DISK STRUCTURE -- 04-12-30 0946AM\DOCUMENTS AND SETTINGS\ANNA\LOCAL SETTINGS\TEMP\ALCHEM.EXE

Adware.Lop
C:\MY OLD DISK STRUCTURE -- 04-12-30 0946AM\DOCUMENTS AND SETTINGS\ANNA\LOCAL SETTINGS\TEMP\BISD.EXE
C:\MY OLD DISK STRUCTURE -- 04-12-30 0946AM\DOCUMENTS AND SETTINGS\PETER\APPLICATION DATA\COOL MEMO DOWNLOAD\ANTE KIND ABOUT.EXE
C:\MY OLD DISK STRUCTURE -- 04-12-30 0946AM\DOCUMENTS AND SETTINGS\PETER\APPLICATION DATA\COOL MEMO DOWNLOAD\KEEP LOG REF GLOBAL.EXE
C:\MY OLD DISK STRUCTURE -- 04-12-30 0946AM\DOCUMENTS AND SETTINGS\PETER\APPLICATION DATA\COOL MEMO DOWNLOAD\SKIP GRIM THE.EXE
C:\MY OLD DISK STRUCTURE -- 04-12-30 0946AM\DOCUMENTS AND SETTINGS\PETER\APPLICATION DATA\TRAY PROC\DEFY KNOB.EXE
C:\MY OLD DISK STRUCTURE -- 04-12-30 0946AM\DOCUMENTS AND SETTINGS\PETER\LOCAL SETTINGS\TEMP\31F6945B.EXE
C:\MY OLD DISK STRUCTURE -- 04-12-30 0946AM\DOCUMENTS AND SETTINGS\PETER\LOCAL SETTINGS\TEMP\4C8079.EXE
C:\MY OLD DISK STRUCTURE -- 04-12-30 0946AM\DOCUMENTS AND SETTINGS\PETER\LOCAL SETTINGS\TEMP\JTORPFMA.EXE
C:\MY OLD DISK STRUCTURE -- 04-12-30 0946AM\DOCUMENTS AND SETTINGS\PETER\LOCAL SETTINGS\TEMP\QQUCUNRV.EXE
C:\MY OLD DISK STRUCTURE -- 04-12-30 0946AM\DOCUMENTS AND SETTINGS\PETER\LOCAL SETTINGS\TEMP\STA1F.EXE
C:\MY OLD DISK STRUCTURE -- 04-12-30 0946AM\DOCUMENTS AND SETTINGS\PETER\LOCAL SETTINGS\TEMP\STA2C.EXE
C:\MY OLD DISK STRUCTURE -- 04-12-30 0946AM\DOCUMENTS AND SETTINGS\PETER\LOCAL SETTINGS\TEMP\STA3.EXE

Unclassified.Unknown Origin
C:\MY OLD DISK STRUCTURE -- 04-12-30 0946AM\DOCUMENTS AND SETTINGS\ANNA\LOCAL SETTINGS\TEMP\DEL2.TMP

Adware.Avenue Media/Web Rebates (TopRebates)
C:\MY OLD DISK STRUCTURE -- 04-12-30 0946AM\DOCUMENTS AND SETTINGS\PETER\LOCAL SETTINGS\TEMP\DJTOPR1150.EXE
C:\MY OLD DISK STRUCTURE -- 05-08-20 0600PM\DOCUMENTS AND SETTINGS\PETER\LOCAL SETTINGS\TEMP\WEBREBATES.EXE

-- continued in next post
 
#5 ·
Trojan.Downloader-JKill
C:\MY OLD DISK STRUCTURE -- 04-12-30 0946AM\DOCUMENTS AND SETTINGS\PETER\LOCAL SETTINGS\TEMP\JKILL.EXE

Adware.180solutions/Search Assistant
C:\MY OLD DISK STRUCTURE -- 04-12-30 0946AM\DOCUMENTS AND SETTINGS\PETER\LOCAL SETTINGS\TEMP\NCMYB.DLL
C:\MY OLD DISK STRUCTURE -- 05-08-20 0600PM\DOCUMENTS AND SETTINGS\PETER\LOCAL SETTINGS\TEMP\DEL1.TMP
C:\MY OLD DISK STRUCTURE -- 05-08-20 0600PM\DOCUMENTS AND SETTINGS\PETER\LOCAL SETTINGS\TEMP\DEL9.TMP
C:\MY OLD DISK STRUCTURE -- 05-08-20 0600PM\DOCUMENTS AND SETTINGS\PETER\LOCAL SETTINGS\TEMP\DELB.TMP

Adware.Avenue Media
C:\MY OLD DISK STRUCTURE -- 05-08-20 0600PM\DOCUMENTS AND SETTINGS\PETER\LOCAL SETTINGS\TEMP\CLN2.TMP

TargetSaver, Inc. Process

C:\MY OLD DISK STRUCTURE -- 05-08-20 0600PM\DOCUMENTS AND SETTINGS\PETER\LOCAL SETTINGS\TEMP\GLFAGLFA.EXE
C:\MY OLD DISK STRUCTURE -- 05-08-20 0600PM\DOCUMENTS AND SETTINGS\PETER\LOCAL SETTINGS\TEMP\TSINSTALL_4_0_3_8_B17.EXE

Adware.IST/SideFind
C:\MY OLD DISK STRUCTURE -- 05-08-20 0600PM\DOCUMENTS AND SETTINGS\STEPHEN\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\SPEBSDI7\SFEXD001[1].HTM

Adware.ClickSpring/Yazzle
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1162OINUNINSTALLER.EXE.VIR

Trojan.Downloader-Gen/AVP
C:\QOOBOX\QUARANTINE\C\WINDOWS\AVP.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP673\A0344227.EXE

Trojan.Downloader-UDL2
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP670\A0344155.EXE

Trojan.Downloader-Gen/HitItQuitIt
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP673\A0344230.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP673\A0344233.DLL

Trace.Known Threat Sources
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Anna\Local Settings\Temporary Internet Files\Content.IE5\Z1QIGVQ9\dollsnowinstall[1].aspx
C:\My old Disk Structure -- 05-08-20 0600PM\Documents and Settings\Anna\Local Settings\Temporary Internet Files\Content.IE5\QXSB6POX\12[1].gif

New HijackThis Log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 08:54:23, on 09/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\DeskPins\DeskPins.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Peter\Desktop\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://bt.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: Yahoo! Chess - http://download2.games.yahoo.com/games/clients/y/ct5_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125228854375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125228802546
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O18 - Protocol: bw+0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0A9DC54F-C531-4D80-A650-445DFCA93527} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 22790 bytes
 
#6 ·
Uninstall Logitech Desktop Messenger from Add/Remove Programs

Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
 
#7 ·
Done, though VundoFix said it didn't find anything.

(Note: IE has stopped opening itself; however, it still won't actually work.)

Vundofix Log:

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Scan started at 02:23:45 10/07/2007

Listing files found while scanning....

No infected files were found.

Beginning removal...

New Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 02:39:10, on 10/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\DeskPins\DeskPins.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Documents and Settings\Peter\Desktop\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://bt.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: Yahoo! Chess - http://download2.games.yahoo.com/games/clients/y/ct5_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125228854375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125228802546
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 10758 bytes
 
#8 ·
1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\system32\pmnnn.dll
C:\WINDOWS\system32\byxvtqn.dll
C:\WINDOWS\system32\winmmt32.dll
C:\WINDOWS\system32\nnnmp.bak1
C:\WINDOWS\system32\nnnmp.ini
C:\WINDOWS\system32\vtutqpo.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.
 
#9 ·
When the command window opened up it told me that my Windows CD was not in my drive. As it wasn't I put the disc that came with my computer (which is basically a Windows CD) in the drive. It refused to find this either, so, after pressing continue lots of times, it went away and put the log up.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bajjessa

*******************

Script file located at: \??\C:\WINDOWS\system32\qlokgips.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\pmnnn.dll not found!
Deletion of file C:\WINDOWS\system32\pmnnn.dll failed!

Could not process line:
C:\WINDOWS\system32\pmnnn.dll
Status: 0xc0000034



File C:\WINDOWS\system32\byxvtqn.dll not found!
Deletion of file C:\WINDOWS\system32\byxvtqn.dll failed!

Could not process line:
C:\WINDOWS\system32\byxvtqn.dll
Status: 0xc0000034



File C:\WINDOWS\system32\winmmt32.dll not found!
Deletion of file C:\WINDOWS\system32\winmmt32.dll failed!

Could not process line:
C:\WINDOWS\system32\winmmt32.dll
Status: 0xc0000034



File C:\WINDOWS\system32\nnnmp.bak1 not found!
Deletion of file C:\WINDOWS\system32\nnnmp.bak1 failed!

Could not process line:
C:\WINDOWS\system32\nnnmp.bak1
Status: 0xc0000034



File C:\WINDOWS\system32\nnnmp.ini not found!
Deletion of file C:\WINDOWS\system32\nnnmp.ini failed!

Could not process line:
C:\WINDOWS\system32\nnnmp.ini
Status: 0xc0000034



File C:\WINDOWS\system32\vtutqpo.dll not found!
Deletion of file C:\WINDOWS\system32\vtutqpo.dll failed!

Could not process line:
C:\WINDOWS\system32\vtutqpo.dll
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
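
The Avenger log in the post above, read programmatically; this is an added example, not part of the thread and not The Avenger's own code. It handles only the line forms visible in that log, the function names `parse_avenger_log` and `needs_follow_up` are hypothetical, and the NTSTATUS names are the standard ones from Microsoft's ntstatus.h.

```python
import re

# NTSTATUS codes a delete attempt commonly returns (names as in ntstatus.h).
NTSTATUS_NAMES = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",   # the named file does not exist
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",   # a directory in the path is missing
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000043: "STATUS_SHARING_VIOLATION",       # file is open elsewhere
}
ABSENT = {0xC0000034, 0xC000003A}

# Excerpt of the log posted above (two of its six targets), embedded so the
# example runs offline.
SAMPLE_LOG = r"""
Beginning to process script file:

File C:\WINDOWS\system32\pmnnn.dll not found!
Deletion of file C:\WINDOWS\system32\pmnnn.dll failed!

Could not process line:
C:\WINDOWS\system32\pmnnn.dll
Status: 0xc0000034

File C:\WINDOWS\system32\byxvtqn.dll not found!
Deletion of file C:\WINDOWS\system32\byxvtqn.dll failed!

Could not process line:
C:\WINDOWS\system32\byxvtqn.dll
Status: 0xc0000034

Completed script processing.
"""

NOT_FOUND_RE = re.compile(r"^File (?P<path>.+) not found!$")
FAILED_RE = re.compile(r"^Deletion of file (?P<path>.+) failed!$")
STATUS_RE = re.compile(r"^Status: (?P<code>0x[0-9a-fA-F]{8})$")


def _entry(results, path):
    """Return the record for a path, creating it on first sight."""
    return results.setdefault(
        path,
        {"not_found": False, "delete_failed": False,
         "status": None, "status_name": None},
    )


def parse_avenger_log(text):
    """Map each script target to what the log says happened to it."""
    results = {}
    pending = None        # path the next "Status:" line belongs to
    expect_path = False   # True right after "Could not process line:"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if expect_path:
            pending = line
            _entry(results, pending)
            expect_path = False
            continue
        if line == "Could not process line:":
            expect_path = True
            continue
        m = NOT_FOUND_RE.match(line)
        if m:
            _entry(results, m.group("path"))["not_found"] = True
            continue
        m = FAILED_RE.match(line)
        if m:
            _entry(results, m.group("path"))["delete_failed"] = True
            continue
        m = STATUS_RE.match(line)
        if m and pending is not None:
            code = int(m.group("code"), 16)
            rec = results[pending]
            rec["status"] = code
            rec["status_name"] = NTSTATUS_NAMES.get(code, "UNKNOWN")
            pending = None
    return results


def needs_follow_up(results):
    """Targets whose deletion failed for a reason other than 'file absent'.

    A target that failed because it was never there needs no further action;
    one that failed with access denied or a sharing violation is still on disk.
    """
    return sorted(
        path for path, rec in results.items()
        if rec["delete_failed"] and rec["status"] not in ABSENT
    )


if __name__ == "__main__":
    parsed = parse_avenger_log(SAMPLE_LOG)
    for path, rec in parsed.items():
        print(f"{path}: {rec['status_name']}")
    print("still on disk / follow up:", needs_follow_up(parsed))
```

Run over the full log from the post, every target resolves to `STATUS_OBJECT_NAME_NOT_FOUND`, so each "failed" deletion there means the file was not present at that path when the script ran.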
 
#11 ·
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23:38:35, on 10/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\DeskPins\DeskPins.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Documents and Settings\Peter\Desktop\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://bt.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: Yahoo! Chess - http://download2.games.yahoo.com/games/clients/y/ct5_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125228854375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125228802546
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 10870 bytes
 