
Video Active X (2.07) Removal Help

Discussion in 'Virus & Other Malware Removal' started by LittleBunny, Jul 12, 2007.

  1. LittleBunny

    LittleBunny Thread Starter

    Joined:
    Jul 12, 2007
    Messages:
    22
    I was attempting to watch a video segment of a show I like when I was prompted to dl this ~ not knowing what it was, I downloaded it only to find my computer swimming with adware and trojans.

    Any help in removing all of this will be greatly appreciated.

    ~

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:26:01 PM, on 7/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\lxamsp32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Video ActiveX Access\imsmn.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Video ActiveX Access\iesmin.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
    C:\Program Files\LexmarkX63\ACMonitor_X63.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Common Files\AOL\1131738102\ee\AOLHostManager.exe
    C:\Program Files\Common Files\AOL\1131738102\ee\AOLServiceHost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\NORTON~1\navw32.exe
    C:\Program Files\Video ActiveX Access\imsmain.exe
    C:\Program Files\Video ActiveX Access\iesmn.exe
    C:\Program Files\Video ActiveX Access\iesmin.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.7.0\ViewBarBHO.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {E26CEADA-67B0-4543-BE8B-307F00265118} - C:\Program Files\Video ActiveX Access\iesplg.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\IEViewBar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\System32\oxxhjnv.exe
    O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131738102\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [MSys32] "C:\Program Files\Tetris 4000\morfitwebentrance.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [VirusProtectPro 3.4] "C:\Program Files\VirusProtectPro 3.4\VirusProtectPro 3.4.exe" /h
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DrAntispy] C:\Program Files\DrAntispy\DrAntispy.exe
    O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
    O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe
    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
    O4 - Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
    O4 - Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
    O4 - Startup: DrAntispy.lnk = C:\Program Files\DrAntispy\DrAntispy.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm028YYUS
    O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
    O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://www.runescape.com
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab45837.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EEA83E8C-99E2-418F-B8F2-E3E0C41648FF}: NameServer = 64.40.40.51 66.54.140.10
    O18 - Protocol: bw+0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O22 - SharedTaskScheduler: inscenation - {cfda6372-043c-48d2-ba3c-7bfe1cf71854} - C:\WINDOWS\system32\surzzh.dll
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 23941 bytes
     
  2. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, LittleBunny. :)

    Welcome to TSG.

    Please download SmitfraudFix (by S!Ri) to your Desktop.

    Note: In the event you already have SmitfraudFix, this is a new version that I need you to download.

    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    Download AVG Anti-Spyware from HERE and save that file to your desktop.
    This is a 30 day trial of the program
    1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
    2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.


    Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.

    Boot into Safe Mode:

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Perform the following steps in safe mode:


    1. IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process.
    2. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
    4. AVG Anti-Spyware will now begin the scanning process; be patient, this may take a little time.
      Once the scan is complete do the following:
    5. If you have any infections you will be prompted, then select "Apply all actions".
    6. Next select the "Reports" icon at the top.
    7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    8. Close AVG Anti-Spyware.
    While in Safe Mode, double-click on SmitfraudFix.exe

    **If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    * Go to Control Panel > Internet Options. Click on the Programs tab, then click the "Reset Web Settings" button. Click Apply then OK.

    * Next go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" Delete everything except for "My Current Home Page". Click OK then Apply and OK.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post a fresh HijackThis log along with the AVG Anti-Spyware report, ActiveScan report and contents of C:\rapport.txt produced by SmitfraudFix.
     
  3. LittleBunny

    LittleBunny Thread Starter

    Joined:
    Jul 12, 2007
    Messages:
    22
    I downloaded the AVG Anti-Spyware Installer but when I tried to run it, I was met with an "NSIS Error"

    "The installer you are trying to use is corrupted or incomplete.
    This could be the result of a damaged disk, a failed download, or a virus.

    You may want to contact the author of the installer to obtain a new copy.

    It may be possible to skip this check using the /NCRC command line switch
    (NOT RECOMMENDED)."

    What should I do?
     
  4. LittleBunny

    LittleBunny Thread Starter

    Joined:
    Jul 12, 2007
    Messages:
    22
    Hm... never mind - I managed to re-dl/install just fine... I shall do the whole thing now...
     
  5. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
  6. LittleBunny

    LittleBunny Thread Starter

    Joined:
    Jul 12, 2007
    Messages:
    22
    Almost....

    :D I must say... TSG is extraordinarily helpful :)

    I will try to support TSG as much as I can in the future....

    Now... back to the Panda Scan....
     
  7. LittleBunny

    LittleBunny Thread Starter

    Joined:
    Jul 12, 2007
    Messages:
    22
    HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:17:45 PM, on 7/14/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\lxamsp32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\AOL\1131738102\ee\AOLHostManager.exe
    C:\Program Files\Common Files\AOL\1131738102\ee\AOLServiceHost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
    C:\Program Files\LexmarkX63\ACMonitor_X63.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.7.0\ViewBarBHO.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\IEViewBar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\System32\oxxhjnv.exe
    O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131738102\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
    O4 - Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
    O4 - Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm028YYUS
    O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
    O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://www.runescape.com
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab45837.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EEA83E8C-99E2-418F-B8F2-E3E0C41648FF}: NameServer = 64.40.40.51 66.54.140.10
    O18 - Protocol: bw+0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 22661 bytes
     
  8. LittleBunny

    LittleBunny Thread Starter

    Joined:
    Jul 12, 2007
    Messages:
    22
    AVG:

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 1:00:24 PM 7/13/2007

    + Scan result:



    C:\RECYCLER\NPROTECT\00571929.ini -> Adware.Qworke : Cleaned.
    C:\Program Files\lf2_v19.exe -> Adware.Webdir : Cleaned.
    C:\WINDOWS\pxwma.dll -> Adware.Webdir : Cleaned.
    C:\RECYCLER\NPROTECT\00571624.x -> Adware.WebEntrance : Cleaned.
    C:\RECYCLER\NPROTECT\00571652.EXE -> Adware.WebEntrance : Cleaned.
    C:\Documents and Settings\Oem\Shared\Setup.exe -> Downloader.Agent.auv : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\[email protected][2].txt -> TrackingCookie.Abetterinternet : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\[email protected][1].txt -> TrackingCookie.Ad-logics : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\trong [email protected][2].txt -> TrackingCookie.Ad-logics : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\[email protected][1].txt -> TrackingCookie.Addynamix : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\trong [email protected][1].txt -> TrackingCookie.Addynamix : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\[email protected][1].txt -> TrackingCookie.Adition : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\[email protected][1].txt -> TrackingCookie.Adserver : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\trong [email protected][1].txt -> TrackingCookie.Adserver : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\[email protected][2].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\trong [email protected][1].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\trong [email protected][2].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\trong [email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\[email protected][1].txt -> TrackingCookie.Bfast : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\trong [email protected][1].txt -> TrackingCookie.Bfast : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\[email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\[email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\trong [email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\[email protected][2].txt -> TrackingCookie.Clickagents : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\trong [email protected][2].txt -> TrackingCookie.Clickagents : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\[email protected][2].txt -> TrackingCookie.Clickzs : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\[email protected][2].txt -> TrackingCookie.Com : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\trong [email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\trong [email protected][1].txt -> TrackingCookie.Dealtime : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\trong [email protected][1].txt -> TrackingCookie.Dealtime : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\trong [email protected][2].txt -> TrackingCookie.Dealtime : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\trong [email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\[email protected][1].txt -> TrackingCookie.Euniverseads : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\[email protected][2].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\[email protected][1].txt -> TrackingCookie.Findwhat : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\[email protected][1].txt -> TrackingCookie.Gator : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\trong [email protected][1].txt -> TrackingCookie.Gator : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\trong [email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\trong [email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Oem\Desktop\Unused Desktop Shortcuts\New Folder\[email protected][1].txt -> TrackingCookie.Hitslink : Cleaned.
    C:\Program Files\Diablo II\Speed Gear 5\Register.exe -> Trojan.Legmir : Cleaned.


    ::Report end
     
  9. LittleBunny

    LittleBunny Thread Starter

    ActiveScan:


    Incident Status Location

    Potentially unwanted tool:Application/ViewPoint Not disinfected C:\Program Files\Viewpoint\Viewpoint Toolbar\3.7.0\ViewBarBHO.dll
    Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
    Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
    Dialer:dialer.bnz Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D7334F5-CF58-4F22-8502-6CC0ACB2FE6B}
    Adware:adware/adshooter Not disinfected Windows Registry
    Adware:adware/sgrunt Not disinfected Windows Registry
    Adware:adware/favoriteman Not disinfected Windows Registry
    Adware:adware/exact.bargainbuddy Not disinfected Windows Registry
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Oem\Cookies\[email protected][1].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Oem\Cookies\[email protected][1].txt
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Oem\Cookies\[email protected][2].txt
    Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Oem\Cookies\[email protected]slink[1].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Oem\Cookies\[email protected][2].txt
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Oem\Cookies\[email protected][2].txt
    Adware:Adware/MyDailyHoroscope Not disinfected C:\Documents and Settings\Oem\Desktop\AutoTalkerXPro17\SCAR1.13\SCAR1.13setup.exe
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Oem\Desktop\Cleansers\SmitfraudFix\Process.exe
    Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Oem\Desktop\Cleansers\SmitfraudFix\restart.exe
    Virus:Generic Malware Disinfected C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
    Adware:Adware/VideoActiveXObject Not disinfected C:\Program Files\Trend Micro\HijackThis\backups\backup-20070712-193206-850.dll
    Adware:Adware/VideoActiveXObject Not disinfected C:\Program Files\Trend Micro\HijackThis\backups\backup-20070712-193344-496.dll
    Adware:Adware/VideoActiveXObject Not disinfected C:\Program Files\Trend Micro\HijackThis\backups\backup-20070712-193629-861.dll
    Adware:Adware/VideoActiveXObject Not disinfected C:\Program Files\Trend Micro\HijackThis\backups\backup-20070712-195540-166.dll
    Adware:Adware/VideoActiveXObject Not disinfected C:\Program Files\Trend Micro\HijackThis\backups\backup-20070713-093141-872.dll
    Adware:Adware/VideoActiveXObject Not disinfected C:\Program Files\Trend Micro\HijackThis\backups\backup-20070713-093315-156.dll
    Adware:Adware/VideoActiveXObject Not disinfected C:\Program Files\Trend Micro\HijackThis\backups\backup-20070713-093933-195.dll
    Adware:Adware/VirusProtectPro Not disinfected C:\RECYCLER\NPROTECT\00571939.EXE
    Adware:Adware/VideoActiveXObject Not disinfected C:\RECYCLER\NPROTECT\00572091.exe
    Virus:Trj/Downloader.FNP Disinfected C:\WINDOWS\Downloaded Program Files\miniclipGameLoader.dll
    Virus:W32/Sasser.ftp Disinfected C:\WINDOWS\system32\cmd.ftp
    Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
     
  10. LittleBunny

    LittleBunny Thread Starter

    Le Rapport 1 (I did it twice for some odd reason):

    SmitFraudFix v2.203

    Scan done at 13:10:19.04, Fri 07/13/2007
    Run from C:\Documents and Settings\Oem\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{cfda6372-043c-48d2-ba3c-7bfe1cf71854}"="inscenation"

    [HKEY_CLASSES_ROOT\CLSID\{cfda6372-043c-48d2-ba3c-7bfe1cf71854}\InProcServer32]
    @="C:\WINDOWS\system32\surzzh.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{cfda6372-043c-48d2-ba3c-7bfe1cf71854}\InProcServer32]
    @="C:\WINDOWS\system32\surzzh.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    C:\WINDOWS\system32\surzzh.dll -> Hoax.Win32.Renos.gen.o
    C:\WINDOWS\system32\surzzh.dll -> Deleted


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
    C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
    C:\Program Files\Video ActiveX Access\ Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» DNS



    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

    Le Rapport 2:

    SmitFraudFix v2.203

    Scan done at 13:12:48.03, Fri 07/13/2007
    Run from C:\Documents and Settings\Oem\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» DNS



    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  11. LittleBunny

    LittleBunny Thread Starter

    I just had AVG re-scan my unused desktop shortcuts folder and it found 9 new things -

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 12:39:47 PM 7/14/2007

    + Scan result:



    C:\Documents and Settings\Oem\Cookies\[email protected][2].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\Oem\Cookies\[email protected][2].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\Oem\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Oem\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Oem\Cookies\[email protected][2].txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\Documents and Settings\Oem\Cookies\[email protected][2].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Oem\Cookies\[email protected][2].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\Oem\Cookies\[email protected][1].txt -> TrackingCookie.Hitslink : Cleaned.
    C:\Documents and Settings\Oem\Cookies\[email protected][2].txt -> TrackingCookie.Web-stat : Cleaned.


    ::Report end
     
  12. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, LittleBunny :)

    Please download the OTMoveIt by OldTimer.
    • Save it to your desktop.

    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.7.0\ViewBarBHO.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\IEViewBar.dll
    O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\System32\oxxhjnv.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZJxdm028YYUS
    O18 - Protocol: bw+0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

    Close Hijackthis.

    Reboot into safe mode.

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

    All programs related to Viewpoint
    Logitech Desktop Messenger


    Please note any other programs that you don't recognize in that list in your next response.

    • Please double-click OTMoveIt.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
      C:\Program Files\Viewpoint
      C:\Program Files\Logitech\Desktop Messenger
      C:\Program Files\Common Files\Viewpoint
      C:\WINDOWS\System32\oxxhjnv.exe


    • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
    • Click the red Moveit! button.
      • If able, copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on a note pad document. Save it on the desktop and post its contents in your next reply.
    • Close OTMoveIt
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    Restart the computer and Test.

    Post a fresh HijackThis log and let me know how the computer is doing.
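
Added example, not part of the post above or of any tool it names: a small Python parser for HijackThis entry lines that collapses the repeated O18 registrations into one row per handler DLL and cross-checks the files those entries reference against the OTMoveIt path list. The two lists are shortened copies of the ones in the post; the function names and the "covered by a listed folder" rule are this example's own assumptions.

```python
import re
from collections import Counter, namedtuple
from pathlib import PureWindowsPath

# Shortened copy of the entries the post asks to check (4 of the O18 lines kept).
FIX_LIST = r"""
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.7.0\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\IEViewBar.dll
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\System32\oxxhjnv.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZJxdm028YYUS
O18 - Protocol: bw+0 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {4589709E-08F0-402F-ADDA-47656CABA0B8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

# The OTMoveIt path list from the post, unchanged.
MOVE_LIST = r"""
c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
C:\Program Files\Viewpoint
C:\Program Files\Logitech\Desktop Messenger
C:\Program Files\Common Files\Viewpoint
C:\WINDOWS\System32\oxxhjnv.exe
"""

Entry = namedtuple("Entry", "code kind clsid path raw")

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# First drive-letter path on the line; command-line arguments are not split off.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*')


def parse_entries(text):
    """Turn 'CODE - Kind: details' lines into Entry tuples; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        raw = raw.strip()
        m = LINE_RE.match(raw)
        if not m:
            continue
        rest = m.group("rest")
        clsid = CLSID_RE.search(rest)
        path = PATH_RE.search(rest)
        entries.append(Entry(
            code=m.group("code"),
            kind=rest.split(":", 1)[0],
            clsid=clsid.group(0).upper() if clsid else None,
            path=path.group(0).strip() if path else None,
            raw=raw,
        ))
    return entries


def collapse(entries):
    """Count entries per (code, file) so repeated registrations read as one handler."""
    return Counter((e.code, e.path.lower()) for e in entries if e.path)


def _parts(p):
    # Windows paths compare case-insensitively, so lower-case every component.
    return tuple(s.lower() for s in PureWindowsPath(p).parts)


def is_under(path, root):
    """True when path equals root or lies inside it."""
    pp, rp = _parts(path), _parts(root)
    return pp[:len(rp)] == rp


def cross_check(entries, move_list):
    """Return (files no move target covers, move targets no entry refers to)."""
    targets = [l.strip() for l in move_list.splitlines() if l.strip()]
    files = sorted({e.path for e in entries if e.path}, key=str.lower)
    uncovered = [f for f in files if not any(is_under(f, t) for t in targets)]
    unreferenced = [t for t in targets if not any(is_under(f, t) for f in files)]
    return uncovered, unreferenced


if __name__ == "__main__":
    parsed = parse_entries(FIX_LIST)
    for (code, path), n in sorted(collapse(parsed).items()):
        print(f"{code:<4} x{n:<3} {path}")
    missing, extra = cross_check(parsed, MOVE_LIST)
    print("files not covered by the move list:", missing or "none")
    print("move targets with no HijackThis entry:", extra or "none")
```

The one move target with no matching entry, the `f3initialsetup1.0.0.15.inf` file, appears in the ActiveScan report rather than in the HijackThis log, which is why it shows up only in the second list.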
     
  13. LittleBunny

    LittleBunny Thread Starter

    HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:27:26 PM, on 7/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\lxamsp32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\AOL\1131738102\ee\AOLHostManager.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\AOL\1131738102\ee\AOLServiceHost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
    C:\Program Files\LexmarkX63\ACMonitor_X63.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131738102\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
    O4 - Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
    O4 - Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
    O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
    O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://www.runescape.com
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

    --
    End of file - 8652 bytes
     
  14. LittleBunny

    LittleBunny Thread Starter

    Joined:
    Jul 12, 2007
    Messages:
    22
    OTMoveIt:

    File/Folder c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf not found.
    C:\Program Files\Viewpoint\Viewpoint Toolbar moved successfully.
    C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents moved successfully.
    C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents\VMgr_Win moved successfully.
    C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents\AxMetaStream_Win moved successfully.
    C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents moved successfully.
    C:\Program Files\Viewpoint\Viewpoint Media Player\Components moved successfully.
    C:\Program Files\Viewpoint\Viewpoint Media Player moved successfully.
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images moved successfully.
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData moved successfully.
    C:\Program Files\Viewpoint\Viewpoint Manager moved successfully.
    C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents moved successfully.
    C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownloadedComponents moved successfully.
    C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components moved successfully.
    C:\Program Files\Viewpoint\Viewpoint Experience Technology moved successfully.
    C:\Program Files\Viewpoint\Common moved successfully.
    C:\Program Files\Viewpoint moved successfully.
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Oem\Misc\Temp moved successfully.
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Oem\Misc\Backup moved successfully.
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Oem\Misc moved successfully.
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Oem\Data\GenFlash\1 moved successfully.
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Oem\Data\GenFlash moved successfully.
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Oem\Data\579d moved successfully.
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Oem\Data\564a moved successfully.
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Oem\Data\2d54\a9a3f18 moved successfully.
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Oem\Data\2d54\a9a3f17 moved successfully.
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Oem\Data\2d54\a9a3ef0 moved successfully.
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Oem\Data\2d54\a9a3e54 moved successfully.
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Oem\Data\2d54\a9a3e53 moved successfully.
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Oem\Data\2d54\a9a3e36 moved successfully.
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Oem\Data\2d54\10685d92\LDM Release Multi moved successfully.
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Oem\Data\2d54\10685d92 moved successfully.
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Oem\Data\2d54 moved successfully.
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Oem\Data\2d50\Upstream moved successfully.
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Oem\Data\2d50\a9acb3d moved successfully.
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Oem\Data\2d50\10bc45b0 moved successfully.
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Oem\Data\2d50\10bc4513 moved successfully.
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Oem\Data\2d50 moved successfully.
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Oem\Data moved successfully.
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Oem moved successfully.
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users moved successfully.
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\Scripts\RuleExec moved successfully.
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\Scripts\Enable_OAS moved successfully.
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\Scripts moved successfully.
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\8876480\Oem moved successfully.
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\8876480 moved successfully.
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program moved successfully.
    C:\Program Files\Logitech\Desktop Messenger\8876480\InitData\Data\GenFlash\1 moved successfully.
    C:\Program Files\Logitech\Desktop Messenger\8876480\InitData\Data\GenFlash moved successfully.
    C:\Program Files\Logitech\Desktop Messenger\8876480\InitData\Data moved successfully.
    C:\Program Files\Logitech\Desktop Messenger\8876480\InitData moved successfully.
    C:\Program Files\Logitech\Desktop Messenger\8876480 moved successfully.
    C:\Program Files\Logitech\Desktop Messenger moved successfully.
    C:\Program Files\Common Files\Viewpoint\Toolbar Runtime moved successfully.
    C:\Program Files\Common Files\Viewpoint moved successfully.
    File/Folder C:\WINDOWS\System32\oxxhjnv.exe not found.

    Created on 07/15/2007 13:15:43
     
  15. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, LittleBunny :)

    The log looks clear. How is it doing?
     

Short URL to this thread: https://techguy.org/595138
