hijack log please help

#1
28-07-2006, 08:36 PM
tmphan
D-A-L Newbie
Join Date: Jul 2006
Posts: 2

I have no idea what to keep or delete...


Logfile of HijackThis v1.99.1
Scan saved at 2:32:16 PM, on 07/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Logitech\iTouch\iTouch.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\ahead\InCD\InCD.exe
F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
F:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
F:\Program Files\Southwest Airlines\Ding\Ding.exe
F:\Program Files\Logitech\MouseWare\system\em_exec.exe
F:\Program Files\MSN Messenger\msnmsgr.exe
F:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
F:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPRV10.EXE
F:\Program Files\MSN\MSNCoreFiles\MSN.EXE
F:\Program Files\MSN\MSNIA\MSNIASVC.EXE
F:\Program Files\AIM\aim.exe
F:\WINDOWS\explorer.exe
F:\DOCUME~1\BINHPH~1\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;staff.apex2000.net;<local>
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {05A016B8-5BEF-465D-BFB3-8566D5EDD413} - \
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B79DAD3-FF49-428B-924F-F65AB99CF2C5} - \
O2 - BHO: (no name) - {0FFBDCC0-4104-4036-8445-30AFA154C3D6} - \
O2 - BHO: (no name) - {10A8EBEA-691C-37B7-31DB-66563150511C} - F:\WINDOWS\epggsriw.dll
O2 - BHO: (no name) - {23B4A0F7-C862-4133-B5DE-4CF25A99CF95} - \
O2 - BHO: (no name) - {270E4E6F-DCB6-4F43-A334-471C22D544A8} - \
O2 - BHO: (no name) - {27129D5F-EC71-4155-8F74-997B2B7E7467} - F:\Program Files\Proxyconn\niwyragux.dll
O2 - BHO: Oddbot - {2B896072-F6E3-4FF7-ADE6-43D5BEC6557C} - F:\WINDOWS\system32\nodeipproc.dll (file missing)
O2 - BHO: (no name) - {3459C83E-6743-43FD-98F3-7CE8892010A2} - \
O2 - BHO: (no name) - {3E5AAD01-A82C-9491-B496-D8F6DF9A32BD} - F:\WINDOWS\ecvx.dll
O2 - BHO: (no name) - {440E136F-151A-4F9D-8885-6B01070C3B25} - \
O2 - BHO: (no name) - {4A28BA2F-D282-47C7-907D-7DA177835558} - \
O2 - BHO: (no name) - {502CCDCF-C285-E435-C915-E1EDE6A3D8BC} - F:\WINDOWS\oume.dll
O2 - BHO: (no name) - {51CCAA0B-228D-0C35-BFC7-F3FEF08549D9} - F:\WINDOWS\rvbnlfjknd.dll
O2 - BHO: (no name) - {56F09643-C7C0-422E-8D4E-F49E16330E6F} - \
O2 - BHO: (no name) - {5A751DD8-C58A-4069-B1C8-AAEE75D20C0B} - \
O2 - BHO: (no name) - {5B6C49DC-F9B1-4F05-8E46-3BDA3AF54B09} - \
O2 - BHO: (no name) - {60C49C0B-E959-4D71-B4AF-7D4A1C6F1567} - \
O2 - BHO: (no name) - {640F0444-4F5E-470C-A5E3-36DE679C826C} - \
O2 - BHO: (no name) - {64AB1834-432F-4DB9-A5CF-DE85B9FC3203} - \
O2 - BHO: (no name) - {6B188877-D2B5-4048-AA6C-1C1A19A149A1} - \
O2 - BHO: (no name) - {6FFD5CB4-CE6B-CC91-CB29-7F51570E7BCB} - F:\WINDOWS\fxjeqbj.dll
O2 - BHO: (no name) - {71428B10-2B03-46AC-87AC-5EC773D3AEDD} - F:\Program Files\NcFTP\niwyragux.dll
O2 - BHO: (no name) - {7AA87D67-3684-475D-8266-26E29BA3E33D} - \
O2 - BHO: ProxyConn Browser Helper Object - {7D9E713D-0388-4384-BDD8-2A42EB1C4F04} - F:\PROGRA~1\PROXYC~1\PRXCNB~1.DLL
O2 - BHO: (no name) - {8C60283E-15E5-481F-A90C-37DE26EAE617} - \
O2 - BHO: (no name) - {8CD936A6-19B2-48D1-8973-8C09958B408A} - \
O2 - BHO: (no name) - {8D512040-95FE-4831-BC04-C69664C5B8CD} - \
O2 - BHO: (no name) - {92D9FDFD-4F9C-424A-8FA2-48655C3C1F7E} - \
O2 - BHO: (no name) - {947CF925-B9E8-EB25-BDF5-3F39DC3BF1DF} - F:\WINDOWS\oommmcxb.dll
O2 - BHO: (no name) - {A34436F6-81C3-4C2E-BD83-259498BBCA45} - \
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AC24ACAB-E560-E7AE-A261-DF814AC94AED} - F:\WINDOWS\sqwkwwean.dll
O2 - BHO: (no name) - {ACCD13DD-AD2C-BEB2-3F0F-DBCA1D06E25F} - F:\WINDOWS\gqdv.dll
O2 - BHO: (no name) - {B29A1F58-1AF5-455A-B575-EDA5E1A675B9} - \
O2 - BHO: (no name) - {B335DF8D-0F32-43D0-A19E-07D009F208BA} - F:\Program Files\NcFTP\niwyragux.dll
O2 - BHO: (no name) - {B8181223-5DD9-4703-B250-4A293F19C87E} - \
O2 - BHO: (no name) - {BD39DAB8-F6C8-CBE0-71CA-FA0AB3AEE66A} - F:\WINDOWS\xrfdeo.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: (no name) - {C3BA2362-AC6D-49C4-BE37-31B90FFF4A4F} - \
O2 - BHO: (no name) - {CDD2AA27-AA7D-A6A0-54BD-1C925D21ADAB} - F:\WINDOWS\kudqsomwgs.dll
O2 - BHO: (no name) - {D65C7999-69C5-FF93-9946-BDD910EEF628} - F:\WINDOWS\vjalkoocr.dll
O2 - BHO: (no name) - {D89D5585-3A9C-4333-90E2-C83EC1CC7F6B} - \
O2 - BHO: (no name) - {DC45B614-E4F9-4DB5-8C57-7A0FA7B2257B} - \
O2 - BHO: (no name) - {DDBC5DD2-6919-B4E7-DBBD-FE3A7C333EAB} - F:\WINDOWS\ectollsqwd.dll
O2 - BHO: (no name) - {EBA54DD7-F9C5-4B99-940E-8E27F72AECB5} - \
O2 - BHO: (no name) - {F7EDF876-F573-4ADC-96D1-4728B03D6EC9} - \
O2 - BHO: (no name) - {F9688E37-E3CB-5FF1-ACD8-D125C2D3C7AD} - F:\WINDOWS\smlum.dll
O2 - BHO: (no name) - {FA80A07C-D622-E49F-AAB1-7ECE17ACB652} - F:\WINDOWS\qbupbmh.dll
O2 - BHO: (no name) - {FBD9629F-0F44-47A7-A8E6-4A07F1DD0C2A} - \
O2 - BHO: (no name) - {FC9C0C21-C0E6-2BF8-ACEC-A97B0666DD28} - F:\WINDOWS\dvlkf.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TheMonitor] F:\WINDOWS\CCZoop05.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] F:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PHIME2002ASync] F:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] F:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] F:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [zBrowser Launcher] F:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [InCD] F:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [vsgcws] F:\WINDOWS\system32\wbckwu.exe reg_run
O4 - HKCU\..\Run: [Weather] F:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [wallp2.exe] F:\WINDOWS\system32\wallp2.exe
O4 - HKCU\..\Run: [VSL13.exe] F:\WINDOWS\system32\VSL13.exe
O4 - HKCU\..\Run: [VSL07.exe] F:\WINDOWS\system32\VSL07.exe
O4 - HKCU\..\Run: [ssqbn.exe] F:\WINDOWS\system32\ssqbn.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] F:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 - HKCU\..\Run: [InstantTray] F:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [spmdx] F:\WINDOWS\system32\wbckwu.exe reg_run
O4 - Global Startup: DING!.lnk = F:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Windows Desktop Search.lnk = F:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://F:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://f:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://F:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?95cc1b34a35046129ab3e6d65c78d3e
O8 - Extra context menu item: Open in new foreground tab - res://F:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?95cc1b34a35046129ab3e6d65c78d3e
O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://f:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Update Page Content - F:\Program Files\MSN\MSNIA\CC\MSNCC\WA\refreshpage.htm
O8 - Extra context menu item: View All Originals On Page - F:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - F:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - F:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - F:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab40641.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10...y.cab32846.cab
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab32846.cab
O16 - DPF: {596AF4AC-40A0-474A-9F86-33F0A90F0FD6} (PictureItLauncher Class) - http://photos.msn.com/resources/neut...s/DigWebX2.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/...reeInstall.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames...l.cab42858.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10...y.cab41227.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://aamco.webex.com/client/v_myw...ex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D476A522-347D-4E9B-914C-4BE04B4761CB}: NameServer = 205.171.3.65 205.171.2.65
O18 - Protocol: bw+0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: mmc.dll F:\WINDOWS\system32\mmc.dll
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Network Monitor - Unknown owner - F:\Program Files\Network Monitor\netmon.exe (file missing)
#2
29-07-2006, 03:56 AM
Neal
Senior Member
Join Date: Sep 2005
Posts: 5,524
Re: hijack log please help

Welcome to DAL,


That is one messed up computer, just hope it is not too late to save it from a reformat.

Have you been getting help on another forum?


Please download Brute Force Uninstaller to your desktop. (Right-click on this link and choose Save As; if using IE, Save Target As.)
  • Right-click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to, click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", uncheck the "Show Extracted Files" box, and then click "Finish".
  • Download qoofix.bat (right-click on this link and choose Save As; if using IE, Save Target As)
  • Place qoofix.bat in your C:\BFU folder. (Important!)
  • Double-click qooFix.bat. Close all browsers and Explorer folders.
  • Choose option 1 (Qoolfix autofix) and follow the prompts.
  • Please be patient, it will take about five minutes.
  • After the PC has restarted, please post another HijackThis log.


Also...





Please download http://siri.urz.free.fr/Fix/SmitfraudFix.zip (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Please do not run any other option until asked to do so, Thanks

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm


Please post a new HijackThis log and the SmitfraudFix log. Thanks.
__________________
Stalking and killing Spyware

#3
29-07-2006, 05:55 PM
tmphan
D-A-L Newbie
Join Date: Jul 2006
Posts: 2
Re: hijack log please help

Here is my new hijack log...

Logfile of HijackThis v1.99.1
Scan saved at 11:51:24 AM, on 07/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Logitech\iTouch\iTouch.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\ahead\InCD\InCD.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
F:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
F:\Program Files\Southwest Airlines\Ding\Ding.exe
F:\Program Files\Logitech\MouseWare\system\em_exec.exe
F:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
F:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPRV10.EXE
F:\Program Files\MSN Messenger\msnmsgr.exe
F:\Program Files\MSN\MSNCoreFiles\MSN.EXE
F:\Program Files\MSN\MSNIA\MSNIASVC.EXE
F:\WINDOWS\notepad.exe
F:\DOCUME~1\BINHPH~1\LOCALS~1\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;staff.apex2000.net;<local>
O2 - BHO: (no name) - {05A016B8-5BEF-465D-BFB3-8566D5EDD413} - \
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B79DAD3-FF49-428B-924F-F65AB99CF2C5} - \
O2 - BHO: (no name) - {0FFBDCC0-4104-4036-8445-30AFA154C3D6} - \
O2 - BHO: (no name) - {10A8EBEA-691C-37B7-31DB-66563150511C} - F:\WINDOWS\epggsriw.dll
O2 - BHO: (no name) - {23B4A0F7-C862-4133-B5DE-4CF25A99CF95} - \
O2 - BHO: (no name) - {270E4E6F-DCB6-4F43-A334-471C22D544A8} - \
O2 - BHO: (no name) - {27129D5F-EC71-4155-8F74-997B2B7E7467} - F:\Program Files\Proxyconn\niwyragux.dll
O2 - BHO: Oddbot - {2B896072-F6E3-4FF7-ADE6-43D5BEC6557C} - F:\WINDOWS\system32\nodeipproc.dll (file missing)
O2 - BHO: (no name) - {3459C83E-6743-43FD-98F3-7CE8892010A2} - \
O2 - BHO: (no name) - {3E5AAD01-A82C-9491-B496-D8F6DF9A32BD} - F:\WINDOWS\ecvx.dll
O2 - BHO: (no name) - {440E136F-151A-4F9D-8885-6B01070C3B25} - \
O2 - BHO: (no name) - {4A28BA2F-D282-47C7-907D-7DA177835558} - \
O2 - BHO: (no name) - {502CCDCF-C285-E435-C915-E1EDE6A3D8BC} - F:\WINDOWS\oume.dll
O2 - BHO: (no name) - {51CCAA0B-228D-0C35-BFC7-F3FEF08549D9} - F:\WINDOWS\rvbnlfjknd.dll
O2 - BHO: (no name) - {56F09643-C7C0-422E-8D4E-F49E16330E6F} - \
O2 - BHO: (no name) - {5A751DD8-C58A-4069-B1C8-AAEE75D20C0B} - \
O2 - BHO: (no name) - {5B6C49DC-F9B1-4F05-8E46-3BDA3AF54B09} - \
O2 - BHO: (no name) - {60C49C0B-E959-4D71-B4AF-7D4A1C6F1567} - \
O2 - BHO: (no name) - {640F0444-4F5E-470C-A5E3-36DE679C826C} - \
O2 - BHO: (no name) - {64AB1834-432F-4DB9-A5CF-DE85B9FC3203} - \
O2 - BHO: (no name) - {6B188877-D2B5-4048-AA6C-1C1A19A149A1} - \
O2 - BHO: (no name) - {6FFD5CB4-CE6B-CC91-CB29-7F51570E7BCB} - F:\WINDOWS\fxjeqbj.dll
O2 - BHO: (no name) - {71428B10-2B03-46AC-87AC-5EC773D3AEDD} - F:\Program Files\NcFTP\niwyragux.dll
O2 - BHO: (no name) - {7AA87D67-3684-475D-8266-26E29BA3E33D} - \
O2 - BHO: ProxyConn Browser Helper Object - {7D9E713D-0388-4384-BDD8-2A42EB1C4F04} - F:\PROGRA~1\PROXYC~1\PRXCNB~1.DLL
O2 - BHO: (no name) - {8C60283E-15E5-481F-A90C-37DE26EAE617} - \
O2 - BHO: (no name) - {8CD936A6-19B2-48D1-8973-8C09958B408A} - \
O2 - BHO: (no name) - {8D512040-95FE-4831-BC04-C69664C5B8CD} - \
O2 - BHO: (no name) - {92D9FDFD-4F9C-424A-8FA2-48655C3C1F7E} - \
O2 - BHO: (no name) - {947CF925-B9E8-EB25-BDF5-3F39DC3BF1DF} - F:\WINDOWS\oommmcxb.dll
O2 - BHO: (no name) - {A34436F6-81C3-4C2E-BD83-259498BBCA45} - \
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AC24ACAB-E560-E7AE-A261-DF814AC94AED} - F:\WINDOWS\sqwkwwean.dll
O2 - BHO: (no name) - {ACCD13DD-AD2C-BEB2-3F0F-DBCA1D06E25F} - F:\WINDOWS\gqdv.dll
O2 - BHO: (no name) - {B29A1F58-1AF5-455A-B575-EDA5E1A675B9} - \
O2 - BHO: (no name) - {B335DF8D-0F32-43D0-A19E-07D009F208BA} - F:\Program Files\NcFTP\niwyragux.dll
O2 - BHO: (no name) - {B8181223-5DD9-4703-B250-4A293F19C87E} - \
O2 - BHO: (no name) - {BD39DAB8-F6C8-CBE0-71CA-FA0AB3AEE66A} - F:\WINDOWS\xrfdeo.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: (no name) - {C3BA2362-AC6D-49C4-BE37-31B90FFF4A4F} - \
O2 - BHO: (no name) - {CDD2AA27-AA7D-A6A0-54BD-1C925D21ADAB} - F:\WINDOWS\kudqsomwgs.dll
O2 - BHO: (no name) - {D65C7999-69C5-FF93-9946-BDD910EEF628} - F:\WINDOWS\vjalkoocr.dll
O2 - BHO: (no name) - {D89D5585-3A9C-4333-90E2-C83EC1CC7F6B} - \
O2 - BHO: (no name) - {DC45B614-E4F9-4DB5-8C57-7A0FA7B2257B} - \
O2 - BHO: (no name) - {DDBC5DD2-6919-B4E7-DBBD-FE3A7C333EAB} - F:\WINDOWS\ectollsqwd.dll
O2 - BHO: (no name) - {EBA54DD7-F9C5-4B99-940E-8E27F72AECB5} - \
O2 - BHO: (no name) - {F71A63B3-F692-4C60-A1E8-DA311BF55B6E} - \
O2 - BHO: (no name) - {F7EDF876-F573-4ADC-96D1-4728B03D6EC9} - \
O2 - BHO: (no name) - {F9688E37-E3CB-5FF1-ACD8-D125C2D3C7AD} - F:\WINDOWS\smlum.dll
O2 - BHO: (no name) - {FA80A07C-D622-E49F-AAB1-7ECE17ACB652} - F:\WINDOWS\qbupbmh.dll
O2 - BHO: (no name) - {FBD9629F-0F44-47A7-A8E6-4A07F1DD0C2A} - \
O2 - BHO: (no name) - {FC9C0C21-C0E6-2BF8-ACEC-A97B0666DD28} - F:\WINDOWS\dvlkf.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TheMonitor] F:\WINDOWS\CCZoop05.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] F:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PHIME2002ASync] F:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] F:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] F:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [zBrowser Launcher] F:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [InCD] F:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKCU\..\Run: [Weather] F:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [wallp2.exe] F:\WINDOWS\system32\wallp2.exe
O4 - HKCU\..\Run: [VSL13.exe] F:\WINDOWS\system32\VSL13.exe
O4 - HKCU\..\Run: [VSL07.exe] F:\WINDOWS\system32\VSL07.exe
O4 - HKCU\..\Run: [ssqbn.exe] F:\WINDOWS\system32\ssqbn.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] F:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 - HKCU\..\Run: [InstantTray] F:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - Global Startup: DING!.lnk = F:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Windows Desktop Search.lnk = F:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://F:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://f:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://F:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?95cc1b34a35046129ab3e6d65c78d3e
O8 - Extra context menu item: Open in new foreground tab - res://F:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?95cc1b34a35046129ab3e6d65c78d3e
O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://f:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Update Page Content - F:\Program Files\MSN\MSNIA\CC\MSNCC\WA\refreshpage.htm
O8 - Extra context menu item: View All Originals On Page - F:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - F:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab40641.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10...y.cab32846.cab
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab32846.cab
O16 - DPF: {596AF4AC-40A0-474A-9F86-33F0A90F0FD6} (PictureItLauncher Class) - http://photos.msn.com/resources/neut...s/DigWebX2.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames...l.cab42858.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10...y.cab41227.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://aamco.webex.com/client/v_myw...ex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D476A522-347D-4E9B-914C-4BE04B4761CB}: NameServer = 205.171.3.65 205.171.2.65
O18 - Protocol: bw+0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {5A3A6893-1C9F-4925-9942-F5B25F9A83E4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: mmc.dll F:\WINDOWS\system32\mmc.dll
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Network Monitor - Unknown owner - F:\Program Files\Network Monitor\netmon.exe (file missing)

This is the SmitFraud report:
SmitFraudFix v2.76

Scan done at 11:47:11.73, 07/29/2006
Run from F:\Documents and Settings\Binh Phan\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» F:\


»»»»»»»»»»»»»»»»»»»»»»»» F:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» F:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» F:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» F:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» F:\Documents and Settings\Binh Phan\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» F:\DOCUME~1\BINHPH~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» F:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="F:\\Program Files\\AOD\\qufyfux.html"
"SubscribedURL"=""
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="F:\\Program Files\\Microsoft Picture It! 9\\nicocivus.html"
"SubscribedURL"=""
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

No, this is the first forum I have been trying to get help from.
  #4 (permalink)  
Old 30-07-2006, 03:21 AM
Neal
Senior Member

Join Date: Sep 2005
Posts: 5,524
Re: hijack log please help

Hi,



Please download Qoofix by RubbeR DuckY from one of the following locations:

http://www.malwarebytes.org/Qoofix.zip or
http://www.besttechie.net/tools/Qoofix.zip
  1. Unzip all files to a convenient location such as C:\Qoofix.
  2. Go to the folder where you unzipped the files and run Qoofix.exe.
  3. Click Begin Removal and wait for the scan to finish.
  4. If an infection has been found, select yes to restart your computer.

Finally, post a new HijackThis log and the contents of the Qoofix logfile.
__________________
Stalking and killing Spyware
