
September 10th, 2006 10:00

Win 32 Pop agony

I tried a few virus removal programs and none of them worked for this virus.

It pops up every 20 to 30 mins and reads "C:\DOCUME~1\DARREL~1\LOCALS~1\Temp\sa9E.exe is not a valid Win32 application"

Here is my HiJackThis log file. It's very big so I will put in two messages.

Logfile of HijackThis v1.99.1
Scan saved at 7:14:58 PM, on 9/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WDBtnMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dellnet.my.msn.com/default.armx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.topsearcher.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Adobe Acrobat Reader Installer\ActiveX\AcroIEHelper.dll
O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hp4CA4.tmp (file missing)
O3 - Toolbar: SuperBar - {E9E2B1B9-7F06-4452-9C94-3DA3E9739FB7} - C:\Program Files\_SUPERBAR\_SUPERBAR.dll (file missing)
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ConMgr.exe] "c:\Program Files\EarthLink 5.0\conmgr.exe"
O4 - HKLM\..\Run: [zqh] C:\WINDOWS\zqh.exe
O4 - HKLM\..\Run: [cbglolql] C:\WINDOWS\cbglolql.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [drawd] C:\WINDOWS\System32\drawd.exe
O4 - HKLM\..\Run: [tgzqzkh] C:\WINDOWS\tgzqzkh.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Logitech Desktop Messenger] C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Darrell Hurston\NewVersion\setup-8876480.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm231YYBS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1014_EN_XP.cab
O16 - DPF: {0E4796D6-A990-4372-9069-72FBDB4AE868} - http://www.one2one.com/static/class/one2oneSvc.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/CursorManiaFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN_XP.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,64/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097927724484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130676262390
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {A1A961DA-2BA6-4032-859E-01AC35357163} (One2One Viewer) - http://www.one2one.com/static/class/one2one.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1009_1035_pack_XP.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_EN_XP.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_EN_XP.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
O18 - Protocol: bw+0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw+0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw-0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw-0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw00 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop
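Added triage example, not part of the original post and not HijackThis's own code: a Python script that applies, to a handful of lines copied from the log above, the checks a log reader does by eye. The three rules (a Run value whose name is just a lowercase-letter filename sitting directly in C:\WINDOWS or system32, a Run command with no directory at all, and O2/O3/O9/O18 components HijackThis marks "(file missing)") are heuristics chosen for this particular log, not a general signature set.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: entries copied from the HijackThis log posted above,
# trimmed to the line types the rules below examine.
SAMPLE_LOG = r"""
O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hp4CA4.tmp (file missing)
O3 - Toolbar: SuperBar - {E9E2B1B9-7F06-4452-9C94-3DA3E9739FB7} - C:\Program Files\_SUPERBAR\_SUPERBAR.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ConMgr.exe] "c:\Program Files\EarthLink 5.0\conmgr.exe"
O4 - HKLM\..\Run: [zqh] C:\WINDOWS\zqh.exe
O4 - HKLM\..\Run: [cbglolql] C:\WINDOWS\cbglolql.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [drawd] C:\WINDOWS\System32\drawd.exe
O4 - HKLM\..\Run: [tgzqzkh] C:\WINDOWS\tgzqzkh.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
"""

# O4 lines look like:  O4 - HKLM\..\Run: [value name] command line
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')

# Directories where a dropper typically writes its randomly named executable.
DROP_DIRS = {r"c:\windows", r"c:\windows\system32"}


@dataclass
class Finding:
    rule: str
    line: str
    detail: str


def command_path(cmd: str) -> str:
    """Return the executable portion of an O4 command string, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def check_run_entry(line: str) -> List[Finding]:
    m = O4_RE.match(line)
    if not m:
        return []
    name, path = m["name"], command_path(m["cmd"])
    parent, _, filename = path.rpartition("\\")
    stem = filename.rsplit(".", 1)[0]
    findings = []
    if not parent:
        # No directory at all: the binary that runs depends on PATH and the
        # working directory, so the entry cannot be verified from the log.
        findings.append(Finding("unqualified_path", line,
                                f"{filename} is started without a directory"))
    elif (parent.lower() in DROP_DIRS and stem.isalpha() and stem.islower()
          and name.lower() == stem):
        # Value name equals a bare lowercase-letter filename sitting directly
        # in %WINDIR% or system32: the pattern of four entries in this thread.
        findings.append(Finding("random_name_in_windir", line,
                                f"{filename} in {parent} with value name {name!r}"))
    return findings


def check_orphan(line: str) -> List[Finding]:
    """O2/O3/O9/O18 components whose target no longer exists on disk."""
    if line[:3] in ("O2 ", "O3 ", "O9 ", "O18") and line.endswith("(file missing)"):
        return [Finding("orphaned_component", line,
                        "registered component missing on disk; leftover to remove")]
    return []


def triage(log_text: str) -> List[Finding]:
    findings = []
    for raw in log_text.strip().splitlines():
        line = raw.strip()
        findings += check_run_entry(line)
        findings += check_orphan(line)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}")
```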


September 10th, 2006 18:00

DarrellHurston
 
Your Hijackthis log is incomplete. Please rerun it and repost.
 
If the length of the log exceeds the posting limit, then post it in 2 replies.
 
thanks bamajim   Graduate of Malware Removal University
 


September 11th, 2006 18:00

DarrellHurston

Please keep all of your responses as replies to this thread, so I will know when you respond. Thanks.

Please go here

And download SmitFraudFix by S!ri

  • Save it to your Desktop
  • Right-click and extract all the archive content to your desktop
  • Open the SmitfraudFix folder
  • Double-click smitfraudfix.cmd
  • Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt
  • Open that file, Ctrl+A to copy, and post a copy of that log as a reply to this thread
  • Do not run option 2 until instructed to do so
bamajim   Graduate of Malware Removal University
 

September 11th, 2006 21:00

Ok Here it is.
Hoping it helps.

SmitFraudFix v2.87

Scan done at 18:37:13.43, Mon 09/11/2006
Run from C:\Documents and Settings\Darrell Hurston\Local Settings\Temp\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\blank.mht FOUND !
C:\WINDOWS\screen.html FOUND !
C:\WINDOWS\timessquare1.dat FOUND !
C:\WINDOWS\warnhp.html FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ld???.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ncompat.tlb FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\wiatwain.dll FOUND !
C:\WINDOWS\system32\wldr.dll FOUND !
C:\WINDOWS\system32\wp.bmp FOUND !
C:\WINDOWS\system32\ztoolbar.bmp FOUND !
C:\WINDOWS\system32\ztoolbar.xml FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Darrell Hurston\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\DARREL~1\FAVORI~1

C:\DOCUME~1\DARREL~1\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\eMedia Codec\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C}"="WaitWain for Windows"

[HKEY_CLASSES_ROOT\CLSID\{C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C}\InProcServer32]
@="C:\WINDOWS\system32\wiatwain.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C}\InProcServer32]
@="C:\WINDOWS\system32\wiatwain.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{D81E2FC4-B0A2-11D3-21AC-07C04C21A18A}"="Replay for WindowsXP"

[HKEY_CLASSES_ROOT\CLSID\{D81E2FC4-B0A2-11D3-21AC-07C04C21A18A}\InProcServer32]
@="C:\WINDOWS\system32\replmap.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{D81E2FC4-B0A2-11D3-21AC-07C04C21A18A}\InProcServer32]
@="C:\WINDOWS\system32\replmap.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


September 12th, 2006 00:00

DarrellHurston

You may want to print out these instructions for reference.

First go here and download Ewido Antimalware 4.0
(30-day free trial version). Save it to your Desktop.

Double-click Ewido-setup
(it will create its own folder).
Once the program starts you will be at the Status menu.
  • Under "Your computer's Security":
    • Click "Change status" on Resident Shield to Inactive
    • Click "Update now" (next to Last update)
    • After the update loads:
    • Under Automatic updates, uncheck "Download and install updates automatically (recommended)"
      (you can always select manual updates the next day)
At the top toolbar click Scanner, then the Settings tab.
  • Under "How to act?", set the default action for detected malware to Quarantine
  • Under "How to scan", all boxes should be checked
  • Under "Possibly unwanted software", all boxes should be checked
  • Under "Reports", select "Automatically generate report after every scan"
  • Uncheck "Only if threats were found"
  • Under "What to scan", "Scan every file" should be highlighted
Exit Ewido (do not run it yet).

Reboot your PC into Safe Mode.
This can be done by:
  • Restart your PC, and after it starts, but before you see the Windows splash screen,
    begin tapping the F8 key twice a second until you reach another menu screen (black background with white menu choices)
  • Use your arrow keys to select Safe Mode and then press Enter

Next, open the SmitfraudFix folder, then double-click the smitfraudfix.cmd file to start the tool.
  • Select option #2 - Clean by typing 2 and press Enter.
  • Wait for the tool to complete and disk cleanup to finish.
  • You will be prompted: "Registry cleaning - Do you want to clean the registry ?" Answer Yes by typing Y and hit Enter.
  • The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode to finish the cleaning.

The tool will create a log named rapport.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Run Ewido (in Safe Mode)
  • Click Scanner
  • Select Complete system scan
Once the scan finishes
  • Select Apply all actions (the items found will be quarantined)
  • Click Save report as (another window will open)
  • Save it to your desktop
    (by default it will be saved in the Ewido folder as
    C:\Program Files\ewido anti-spyware 4.0\Reports)

Exit Ewido

Reboot your PC in Normal Mode

  • Double-click the report-scan .txt you saved to your desktop
  • It will open in Notepad
  • Copy and paste that report as a reply to this thread
Finally, rerun HijackThis and post a fresh HijackThis log.

Your reply should include:
  • your rapport.txt log from SmitfraudFix
  • your report_scan.txt log from Ewido
  • a fresh HijackThis log
If you need to post your reply in more than one response, please do so.
 
bamajim   Graduate of Malware Removal University


September 13th, 2006 10:00

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:23:37 AM 9/13/2006

+ Scan result:



C:\Documents and Settings\Darrell Hurston\Local Settings\Temp\180sainstallersilsais.exe/clientax.dll -> Adware.180Solutions : Error during cleaning.
C:\Documents and Settings\Darrell Hurston\Local Settings\Temp\res5.tmp -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Documents and Settings\Darrell Hurston\Local Settings\Temp\res6.tmp -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\flash.inf -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5345A7A1-805A-4923-B505-86B2FEBA3FE0} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5345A7A9-805A-4923-B505-86B2FEBA3FE0} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\EMediaCodec.Chl -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\EMediaCodec.Chl\CLSID -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{5345A7A9-805A-4923-B505-86B2FEBA3FE0} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1571904370-3160321287-1410509618-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1571904370-3160321287-1410509618-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5345A7A1-805A-4923-B505-86B2FEBA3FE0} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1571904370-3160321287-1410509618-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5345A7A9-805A-4923-B505-86B2FEBA3FE0} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\lcinstaller.exe -> Adware.WinAD : Cleaned with backup (quarantined).
HKU\S-1-5-21-1571904370-3160321287-1410509618-1006\Software\ComSoft -> Dialer.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1571904370-3160321287-1410509618-1006\Software\SCom -> Dialer.Generic : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\EGCOMLIB_1035.dll -> Dialer.InstantAccess : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\LiveService_9.dll -> Dialer.InstantAccess : Cleaned with backup (quarantined).
C:\WINDOWS\Q810565.log:iwpub -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Q815485.log:lylszt -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\QFN.ini:fcnlhi -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\b2_t_KAZAA70.xml:kwimu -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\b2_t_KAZAA70.xml:kwimug -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\~GLH0003.TMP:bvvfp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\~GLH0003.TMP:eptxcd -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\~GLH0003.TMP:lxbsi -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Soap Bubbles.bmp:zxzdm -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\WINDOWS\Windows Update.log:nzzomy -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\WINDOWS\b2_t_ROLAND+JV-1010+MANUAL&665.xml:ukfzqe -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\WINDOWS\~GLH0003.TMP:htudkz -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\WINDOWS\~GLH0003.TMP:kzrxnj -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\WINDOWS\~GLH0003.TMP:zxnmqw -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\WINDOWS\DtcInstall.log:sdlqns -> Downloader.Agent.td : Cleaned with backup (quarantined).
C:\WINDOWS\KB896688.log:jbqis -> Downloader.Agent.td : Cleaned with backup (quarantined).
C:\WINDOWS\KB896688.log:jbqisu -> Downloader.Agent.td : Cleaned with backup (quarantined).
C:\WINDOWS\Q329390.log:hoeden -> Downloader.Agent.td : Cleaned with backup (quarantined).
C:\WINDOWS\Q828026Uninst.log:orolw -> Downloader.Agent.td : Cleaned with backup (quarantined).
C:\WINDOWS\b2_t_ROLAND+JV-1010+MANUAL&348.xml:jazajb -> Downloader.Agent.td : Cleaned with backup (quarantined).
C:\WINDOWS\~GLH0003.TMP:pqbji -> Downloader.Agent.td : Cleaned with backup (quarantined).
C:\Documents and Settings\Darrell Hurston\Local Settings\Temp\Del4.tmp -> Downloader.Small.asf : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32:tpaa.dll -> Downloader.Small.azk : Cleaned with backup (quarantined).
C:\Documents and Settings\Darrell Hurston\Local Settings\Temp\GLFAGLFA.EXE -> Downloader.TSUpdate.j : Cleaned with backup (quarantined).
C:\WINDOWS\KB842773.log:ageay -> Downloader.WinShow.bg : Cleaned with backup (quarantined).
C:\WINDOWS\KB885884.log:lhpluv -> Downloader.WinShow.bg : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ld100.tmp -> Downloader.Zlob.wv : Cleaned with backup (quarantined).
C:\WINDOWS\warnhp.html -> Hijacker.WallpaperChange : Cleaned with backup (quarantined).
C:\Documents and Settings\Darrell Hurston\Local Settings\Temp\11.tmp -> Not-A-Virus.Hoax.Win32.Renos.ad : Ignored.
C:\WINDOWS\SYSTEM32\wiatwain.dll -> Not-A-Virus.Hoax.Win32.Renos.at : Ignored.
[756] C:\WINDOWS\system32\wiatwain.dll -> Not-A-Virus.Hoax.Win32.Renos.at : Ignored.
C:\Documents and Settings\Darrell Hurston\Cookies\darrell hurston@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Darrell Hurston\Cookies\darrell hurston@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Darrell Hurston\Local Settings\Temp\Cookies\darrell hurston@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dena Mingo DJ\Cookies\dena mingo dj@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Darrell Hurston\Cookies\darrell hurston@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Darrell Hurston\Local Settings\Temp\Cookies\darrell hurston@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Darrell Hurston\Local Settings\Temp\Cookies\darrell hurston@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Darrell Hurston\Cookies\darrell hurston@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Darrell Hurston\Local Settings\Temp\Cookies\darrell hurston@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Darrell Hurston\Cookies\darrell hurston@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Darrell Hurston\Local Settings\Temp\Cookies\darrell hurston@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Darrell Hurston\Cookies\darrell hurston@ehg-hollywood.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Darrell Hurston\Cookies\darrell hurston@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Darrell Hurston\Cookies\darrell hurston@phg.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Darrell Hurston\Cookies\darrell hurston@counter16.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Darrell Hurston\Cookies\darrell hurston@sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Dena Mingo DJ\Cookies\dena mingo dj@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Darrell Hurston\Local Settings\Temp\Cookies\darrell hurston@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Dena Mingo DJ\Cookies\dena mingo dj@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Darrell Hurston\Cookies\darrell hurston@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\002374_.tmp:wxrdgd -> Trojan.Agent.bi : Cleaned with backup (quarantined).
C:\WINDOWS\DHCPUPG.LOG:zctdti -> Trojan.Agent.bi : Cleaned with backup (quarantined).
C:\WINDOWS\KB887742.log:dizyof -> Trojan.Agent.bi : Cleaned with backup (quarantined).
C:\WINDOWS\KB896423.log:qaydqj -> Trojan.Agent.bi : Cleaned with backup (quarantined).
C:\WINDOWS\Q329048.log:pnlykd -> Trojan.Agent.bi : Cleaned with backup (quarantined).
C:\WINDOWS\Q828026Uninst.log:orolwg -> Trojan.Agent.bi : Cleaned with backup (quarantined).
C:\WINDOWS\addrb.exe -> Trojan.Agent.bi : Cleaned with backup (quarantined).
C:\WINDOWS\b2_t_PEEPY%27S+FORUM944.xml:dxasoj -> Trojan.Agent.bi : Cleaned with backup (quarantined).
C:\WINDOWS\b2_t_PRO+TOOLS+UPGRADE130.xml:zapvhq -> Trojan.Agent.bi : Cleaned with backup (quarantined).
C:\WINDOWS\b2_t_ROLAND+JV-1010+MANUAL&348.xml:ckmuob -> Trojan.Agent.bi : Cleaned with backup (quarantined).
C:\WINDOWS\twieg.dat:hruwcy -> Trojan.Agent.bi : Cleaned with backup (quarantined).
C:\WINDOWS\~GLH0003.TMP:gxvzom -> Trojan.Agent.bi : Cleaned with backup (quarantined).
C:\WINDOWS\~GLH0003.TMP:osbqiw -> Trojan.Agent.bi : Cleaned with backup (quarantined).
C:\WINDOWS\~GLH0003.TMP:ryyrkh -> Trojan.Agent.bi : Cleaned with backup (quarantined).
C:\WINDOWS\~GLH0003.TMP:wrjlom -> Trojan.Agent.bi : Cleaned with backup (quarantined).
HKU\S-1-5-21-1571904370-3160321287-1410509618-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E0103CD4-D1CE-411A-B75B-4FEC072867F4} -> Trojan.Puper.ac : Cleaned with backup (quarantined).
C:\Program Files\eMedia Codec -> Trojan.Small : Cleaned with backup (quarantined).
C:\Program Files\eMedia Codec\uninst.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\1024 -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\1024\ld74B9.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\1024\ld828F.tmp -> Trojan.Small : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\kernel32.dll -> Trojan.Small : Cleaned with backup (quarantined).
HKU\S-1-5-21-1571904370-3160321287-1410509618-1006\Software\Classes\CLSID\{C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C} -> Trojan.Small : Cleaned with backup (quarantined).
HKU\S-1-5-21-1571904370-3160321287-1410509618-1006_Classes\CLSID\{C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C} -> Trojan.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Darrell Hurston\Local Settings\Temp\ddgf.exe -> Trojan.TopAntiSpyware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darrell Hurston\Local Settings\Temp\oelc.exe -> Trojan.TopAntiSpyware : Cleaned with backup (quarantined).


::Report end
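Added example, not from the original post and not ewido's own code: a Python parser for the report format above that sorts each detection into registry keys, plain files, archive members, process-memory hits and, the notable category in this report, NTFS alternate data streams (the `file:stream` targets such as C:\WINDOWS\KB896688.log:jbqis, hanging off ordinary update logs and even the SYSTEM32 directory itself, which a normal directory listing never shows). It also pulls out the entries marked Ignored or Error during cleaning, the ones the scanner left in place. Sample lines are copied from the report.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: ten lines copied from the ewido report above.
SAMPLE_REPORT = r"""
C:\Documents and Settings\Darrell Hurston\Local Settings\Temp\180sainstallersilsais.exe/clientax.dll -> Adware.180Solutions : Error during cleaning.
HKLM\SOFTWARE\Classes\CLSID\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22} -> Adware.Generic : Cleaned with backup (quarantined).
C:\WINDOWS\KB896688.log:jbqis -> Downloader.Agent.td : Cleaned with backup (quarantined).
C:\WINDOWS\~GLH0003.TMP:bvvfp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32:tpaa.dll -> Downloader.Small.azk : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ld100.tmp -> Downloader.Zlob.wv : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\wiatwain.dll -> Not-A-Virus.Hoax.Win32.Renos.at : Ignored.
[756] C:\WINDOWS\system32\wiatwain.dll -> Not-A-Virus.Hoax.Win32.Renos.at : Ignored.
C:\Documents and Settings\Darrell Hurston\Cookies\darrell hurston@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\kernel32.dll -> Trojan.Small : Cleaned with backup (quarantined).
"""

# Report line:  [pid] target -> family : status.   (the [pid] prefix marks a hit in process memory)
LINE_RE = re.compile(r'^(?:\[(?P<pid>\d+)\] )?(?P<target>.+?) -> (?P<family>[^:]+) : (?P<status>.+?)\.?$')
REG_ROOTS = ("HKLM\\", "HKCU\\", "HKU\\")
DRIVE_RE = re.compile(r'^[A-Za-z]:\\')


@dataclass
class Detection:
    kind: str      # registry | file | ads | archive_member | process
    target: str
    host: str      # for an ADS, the visible file or directory the stream hangs off
    family: str
    status: str


def classify(target: str, pid) -> Tuple[str, str]:
    if pid is not None:
        return "process", target
    if target.startswith(REG_ROOTS):
        return "registry", target
    if DRIVE_RE.match(target):
        body = target[2:]          # drop "C:" so any colon left is a stream separator
        if ":" in body:
            host, _stream = target.rsplit(":", 1)
            return "ads", host     # host may be a directory, as with SYSTEM32:tpaa.dll
        if "/" in body:
            return "archive_member", target.split("/", 1)[0]
    return "file", target


def parse_report(text: str) -> List[Detection]:
    found = []
    for raw in text.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        kind, host = classify(m["target"], m["pid"])
        found.append(Detection(kind, m["target"], host, m["family"].strip(), m["status"]))
    return found


def needs_followup(dets: List[Detection]) -> List[Detection]:
    """Items the scanner did not remove and which are therefore still present."""
    return [d for d in dets if d.status in ("Ignored", "Error during cleaning")]


def ads_hosts(dets: List[Detection]) -> List[str]:
    """Innocuous-looking files and directories that carried hidden payload streams."""
    return sorted({d.host for d in dets if d.kind == "ads"})


def summary(dets: List[Detection]) -> Counter:
    return Counter((d.kind, d.status) for d in dets)


if __name__ == "__main__":
    dets = parse_report(SAMPLE_REPORT)
    for (kind, status), n in sorted(summary(dets).items()):
        print(f"{n:3d}  {kind:15s} {status}")
    print("ADS hosts:", ads_hosts(dets))
    print("still present:", [d.target for d in needs_followup(dets)])
```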

September 13th, 2006 10:00

Here is a fresh SmitFraudFix log file.

SmitFraudFix v2.87

Scan done at 7:37:25.93, Wed 09/13/2006
Run from C:\Documents and Settings\Darrell Hurston\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\blank.mht FOUND !
C:\WINDOWS\screen.html FOUND !
C:\WINDOWS\timessquare1.dat FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ncompat.tlb FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\wiatwain.dll FOUND !
C:\WINDOWS\system32\wldr.dll FOUND !
C:\WINDOWS\system32\wp.bmp FOUND !
C:\WINDOWS\system32\ztoolbar.bmp FOUND !
C:\WINDOWS\system32\ztoolbar.xml FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Darrell Hurston\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\DARREL~1\FAVORI~1

C:\DOCUME~1\DARREL~1\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C}"="WaitWain for Windows"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{D81E2FC4-B0A2-11D3-21AC-07C04C21A18A}"="Replay for WindowsXP"

[HKEY_CLASSES_ROOT\CLSID\{D81E2FC4-B0A2-11D3-21AC-07C04C21A18A}\InProcServer32]
@="C:\WINDOWS\system32\replmap.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{D81E2FC4-B0A2-11D3-21AC-07C04C21A18A}\InProcServer32]
@="C:\WINDOWS\system32\replmap.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


September 13th, 2006 11:00

DarrellHurston

From your SmitFraudFix log it looks like you ran option 1 again. Did you run option 2?

If not, please do so and post the results as well as a fresh HijackThis log.

thanks

bamajim   Graduate of Malware Removal University

September 13th, 2006 22:00

SmitFraudFix v2.87

Scan done at 19:14:09.59, Wed 09/13/2006
Run from C:\Documents and Settings\Darrell Hurston\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C}"="WaitWain for Windows"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{D81E2FC4-B0A2-11D3-21AC-07C04C21A18A}"="Replay for WindowsXP"

[HKEY_CLASSES_ROOT\CLSID\{D81E2FC4-B0A2-11D3-21AC-07C04C21A18A}\InProcServer32]
@="C:\WINDOWS\system32\replmap.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{D81E2FC4-B0A2-11D3-21AC-07C04C21A18A}\InProcServer32]
@="C:\WINDOWS\system32\replmap.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\blank.mht Deleted
C:\WINDOWS\screen.html Deleted
C:\WINDOWS\timessquare1.dat Deleted
C:\WINDOWS\system32\ncompat.tlb Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\wiatwain.dll Deleted
C:\WINDOWS\system32\wldr.dll Deleted
C:\WINDOWS\system32\wp.bmp Deleted
C:\WINDOWS\system32\ztoolbar.bmp Deleted
C:\WINDOWS\system32\ztoolbar.xml Deleted
C:\DOCUME~1\DARREL~1\FAVORI~1\Antivirus Test Online.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning not selected.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C}"="WaitWain for Windows"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{D81E2FC4-B0A2-11D3-21AC-07C04C21A18A}"="Replay for WindowsXP"

[HKEY_CLASSES_ROOT\CLSID\{D81E2FC4-B0A2-11D3-21AC-07C04C21A18A}\InProcServer32]
@="C:\WINDOWS\system32\replmap.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{D81E2FC4-B0A2-11D3-21AC-07C04C21A18A}\InProcServer32]
@="C:\WINDOWS\system32\replmap.dll"



»»»»»»»»»»»»»»»»»»»»»»»» End

Hope this is the right one this time.
Thanks a million.

10.4K Posts

September 13th, 2006 23:00

DarrellHurston

That was the right one :smileyhappy:

Now could I have the fresh HijackThis log, please?

bamajim   Graduate of Malware Removal University

September 14th, 2006 03:00

Part One HiJackThis file log

Logfile of HijackThis v1.99.1
Scan saved at 12:37:45 AM, on 9/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WDBtnMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dellnet.my.msn.com/default.armx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.topsearcher.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Adobe Acrobat Reader Installer\ActiveX\AcroIEHelper.dll
O3 - Toolbar: SuperBar - {E9E2B1B9-7F06-4452-9C94-3DA3E9739FB7} - C:\Program Files\_SUPERBAR\_SUPERBAR.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ConMgr.exe] "c:\Program Files\EarthLink 5.0\conmgr.exe"
O4 - HKLM\..\Run: [zqh] C:\WINDOWS\zqh.exe
O4 - HKLM\..\Run: [cbglolql] C:\WINDOWS\cbglolql.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [drawd] C:\WINDOWS\System32\drawd.exe
O4 - HKLM\..\Run: [tgzqzkh] C:\WINDOWS\tgzqzkh.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Logitech Desktop Messenger] C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Darrell Hurston\NewVersion\setup-8876480.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm231YYBS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1014_EN_XP.cab
O16 - DPF: {0E4796D6-A990-4372-9069-72FBDB4AE868} - http://www.one2one.com/static/class/one2oneSvc.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/CursorManiaFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN_XP.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,64/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097927724484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130676262390
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {A1A961DA-2BA6-4032-859E-01AC35357163} (One2One Viewer) - http://www.one2one.com/static/class/one2one.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1009_1035_pack_XP.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_EN_XP.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_EN_XP.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
O18 - Protocol: bw+0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw+0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw-0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw-0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw00 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw00s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw10 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw10s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw20 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw20s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw30 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw30s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

September 14th, 2006 03:00

HiJackThis file log part 2

O18 - Protocol: bw40 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw40s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw50 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw50s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw60 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw60s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw70 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw70s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw80 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw80s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw90 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw90s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwa0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwa0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwb0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwb0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwc0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwc0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwd0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwd0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwe0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwe0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwf0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwf0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwg0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwg0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwh0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwh0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwi0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwi0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwj0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwj0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwk0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwk0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwl0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwl0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwm0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwm0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwn0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwn0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwo0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwo0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwp0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwp0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwq0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwq0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwr0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwr0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bws0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bws0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwt0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwt0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwu0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwu0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwv0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwv0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bww0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bww0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwx0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwx0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwy0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwy0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwz0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwz0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol hijack: mhtml -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~2\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: icservice - Unknown owner - C:\Program Files\Aladdin Systems\Internet Cleanup\icserv.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Unknown owner - C:\Program Files\Dantz\Retrospect\retrorun.exe (file missing)
O23 - Service: Retrospect WD Service (RetroWDSvc) - Unknown owner - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe (file missing)

Thank you for being patient with a novice like me.

10.4K Posts

September 14th, 2006 13:00


DarrellHurston

You are most welcome, good job so far :smileyhappy:

You may want to print out these instructions for reference.

First we need to make sure we can see hidden files and folders:
  • Click Start.
  • Click My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading, select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Uncheck Hide file extensions for known file types.
  • Click OK.
Next, re-run HijackThis and place checks beside the following entries:
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.topsearcher.com/ie/
  • R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
  • O3 - Toolbar: SuperBar - {E9E2B1B9-7F06-4452-9C94-3DA3E9739FB7} - C:\Program Files\_SUPERBAR\_SUPERBAR.dll (file missing)
  • O4 - HKLM\..\Run: [zqh] C:\WINDOWS\zqh.exe
  • O4 - HKLM\..\Run: [cbglolql] C:\WINDOWS\cbglolql.exe
  • O4 - HKLM\..\Run: [drawd] C:\WINDOWS\System32\drawd.exe
  • O4 - HKLM\..\Run: [tgzqzkh] C:\WINDOWS\tgzqzkh.exe
  • O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
  • O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
  • O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1014_EN_XP.cab
  • O16 - DPF: {0E4796D6-A990-4372-9069-72FBDB4AE868} - http://www.one2one.com/static/class/one2oneSvc.cab
  • O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/CursorManiaFWBInitialSetup1.0.0.8-2.cab
  • O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN_XP.cab
  • O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
  • O16 - DPF: {A1A961DA-2BA6-4032-859E-01AC35357163} (One2One Viewer) - http://www.one2one.com/static/class/one2one.cab
  • O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1009_1035_pack_XP.cab
  • O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_EN_XP.cab
  • O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
  • O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_EN_XP.cab
  • O18 - Protocol hijack: mhtml -
Close all other open windows except HijackThis and select "Fix checked".

If prompted to reboot, select No and close HijackThis.
Next, using Windows Explorer
  • (Right-click on "Start", select "Explore", and you will see the "tree" of file folders in the left side of the window. Click on the "+" next to any folder name to expand its contents.)
Locate and delete the following folders:
  • C:\Program Files\_SUPERBAR
  • C:\Program Files\PartyPoker
Locate and delete the following files:
  • C:\WINDOWS\zqh.exe
  • C:\WINDOWS\cbglolql.exe
  • C:\WINDOWS\System32\drawd.exe
  • C:\WINDOWS\tgzqzkh.exe
Close Windows Explorer.

Reboot your PC

Next, run an online virus scan called Kaspersky from HERE.
  1. Click on "Kaspersky Online Scanner".
  2. A new smaller window will pop up. After reading the contents, press "Accept".
  3. Now Kaspersky will update the anti-virus database. Let it run.
  4. Click on "Next" -> "Scan Settings", and make sure the database is set to "extended". Check both the scan options, then click OK.
  5. Then click on "My Computer", and the scan will start.
  6. Once finished, save a log as ".txt" to the desktop.
Copy and post the results of the Kaspersky Online scan.

And re-run HijackThis and post a fresh HijackThis log.

Again, if you have to post the results in more than one reply, please do so.

bamajim   Graduate of Malware Removal University
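A small triage script for the HijackThis log format this thread works with, added here as an example and not a tool from the thread or from bamajim: it parses the Rn/On entry lines and applies the same checks the instructions above apply by hand (entries HijackThis marks "(file missing)", O4 autostarts that launch an executable straight from the Windows or System32 directory, O18 protocol hijacks, and which hosts the O16 download entries point at). The sample lines are a constructed subset copied from the log posted above, and the Windows directory is assumed to be C:\WINDOWS.

```python
# HijackThis v1.99 log triage: parse the Rn/On entries and apply the checks
# the helper above made by hand.  Added example; not a tool from this thread.
import ntpath
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlparse

# Constructed sample: a subset of the lines from the log posted above.
SAMPLE_LOG = r"""
O3 - Toolbar: SuperBar - {E9E2B1B9-7F06-4452-9C94-3DA3E9739FB7} - C:\Program Files\_SUPERBAR\_SUPERBAR.dll (file missing)
O4 - HKLM\..\Run: [ConMgr.exe] "c:\Program Files\EarthLink 5.0\conmgr.exe"
O4 - HKLM\..\Run: [zqh] C:\WINDOWS\zqh.exe
O4 - HKLM\..\Run: [cbglolql] C:\WINDOWS\cbglolql.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [drawd] C:\WINDOWS\System32\drawd.exe
O4 - HKLM\..\Run: [tgzqzkh] C:\WINDOWS\tgzqzkh.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1014_EN_XP.cab
O16 - DPF: {A1A961DA-2BA6-4032-859E-01AC35357163} (One2One Viewer) - http://www.one2one.com/static/class/one2one.cab
O18 - Protocol hijack: mhtml -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~2\msgrapp.dll" (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<kind>R[0-3]|O\d{1,2}) - (?P<detail>.+)$")
# O4 autostart detail looks like:  HKLM\..\Run: [name] command
O4_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run(?:Once)?: \[[^\]]*\] (?P<cmd>.*)$")


@dataclass
class Entry:
    kind: str    # "R1", "O4", "O16", ...
    detail: str  # everything after "On - "
    line: str    # the original log line

    @property
    def file_missing(self) -> bool:
        # HijackThis appends this when the referenced file no longer exists
        return self.detail.endswith("(file missing)")


def parse_hjt_log(text: str) -> list[Entry]:
    """Keep only the Rn/On entry lines; header and process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["kind"], m["detail"], raw.strip()))
    return entries


def autostart_target(entry: Entry) -> Optional[str]:
    """Executable launched by an O4 Run entry (quoted or bare), else None."""
    m = O4_RE.match(entry.detail) if entry.kind == "O4" else None
    if not m or not m["cmd"].strip():
        return None
    cmd = m["cmd"].strip()
    if cmd.startswith('"'):               # "C:\Program Files\..\x.exe" -args
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0]                 # C:\WINDOWS\zqh.exe /flag


def launches_from_windows_root(path: str, windir: str = r"C:\WINDOWS") -> bool:
    """True when the exe sits directly in the Windows or System32 directory."""
    roots = {windir.lower(), ntpath.join(windir, "System32").lower()}
    return ntpath.dirname(path).lower().rstrip("\\") in roots


def dpf_hosts(entries: list[Entry]) -> Counter:
    """Hosts the O16 (Download Program Files / ActiveX) entries point at."""
    hosts = Counter()
    for e in entries:
        if e.kind == "O16":
            host = urlparse(e.detail.rsplit(" - ", 1)[-1]).hostname
            if host:
                hosts[host] += 1
    return hosts


@dataclass
class Triage:
    file_missing: list[str] = field(default_factory=list)
    windir_autostarts: list[str] = field(default_factory=list)
    protocol_hijacks: list[str] = field(default_factory=list)


def triage(entries: list[Entry], windir: str = r"C:\WINDOWS") -> Triage:
    """Apply the line-level checks; each result list holds original lines."""
    t = Triage()
    for e in entries:
        if e.file_missing:
            t.file_missing.append(e.line)
        target = autostart_target(e)
        if target and launches_from_windows_root(target, windir):
            t.windir_autostarts.append(e.line)
        if e.kind == "O18" and e.detail.startswith("Protocol hijack:"):
            t.protocol_hijacks.append(e.line)
    return t


if __name__ == "__main__":
    found = parse_hjt_log(SAMPLE_LOG)
    for label, lines in vars(triage(found)).items():
        print(f"== {label} ({len(lines)})\n" + "\n".join(lines))
    print("== O16 download hosts:", dict(dpf_hosts(found)))
```

The "(file missing)" and Windows-root heuristics only narrow the list; an entry still needs a human look (WDBtnMgr.exe, launched by bare name, is left alone here just as the helper left it).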




September 15th, 2006 10:00

http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
O18 - Protocol: bw+0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw+0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw-0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw-0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw00 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw00s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw10 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw10s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw20 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw20s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw30 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw30s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw40 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw40s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw50 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw50s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw60 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw60s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw70 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw70s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw80 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw80s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw90 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw90s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwa0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwa0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwb0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwb0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwc0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwc0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwd0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwd0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwe0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwe0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwf0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwf0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwg0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwg0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwh0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwh0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwi0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwi0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwj0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwj0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwk0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwk0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwl0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwl0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwm0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwm0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwn0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwn0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwo0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwo0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwp0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwp0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwq0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwq0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwr0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwr0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bws0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bws0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwt0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwt0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwu0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwu0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwv0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwv0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bww0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bww0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwx0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwx0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwy0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwy0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwz0 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwz0s - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol hijack: mhtml -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~2\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {97EC3209-B83D-4357-A893-3D0CDC864D26} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: icservice - Unknown owner - C:\Program Files\Aladdin Systems\Internet Cleanup\icserv.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Unknown owner - C:\Program Files\Dantz\Retrospect\retrorun.exe (file missing)
O23 - Service: Retrospect WD Service (RetroWDSvc) - Unknown owner - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe (file missing)

September 15th, 2006 10:00

Well, my friend,

I did everything you said. But I couldn't find the partypoker file, the zqh.exe file, the cbglolql.exe, drawd.exe or tgzqzkh.exe. The only one I found and deleted was the superbar file on my C: drive. Also, the Win 32 popup stopped. I hope these are good signs. Thank you so much for your help.
Here is the fresh HijackThis file.

Logfile of HijackThis v1.99.1
Scan saved at 7:01:41 AM, on 9/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Digidesign\Pro Tools\ProToolsLE.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dellnet.my.msn.com/default.armx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Adobe Acrobat Reader Installer\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ConMgr.exe] "c:\Program Files\EarthLink 5.0\conmgr.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Logitech Desktop Messenger] C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Darrell Hurston\NewVersion\setup-8876480.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm231YYBS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,64/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097927724484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130676262390
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

September 15th, 2006 16:00

DarrellHurston
 
That is a good sign. And you are welcome.
 
Could you post the results of the online scan, please?
 
bamajim   Graduate of Malware Removal University

