Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

"advertisement" Popup - Surfaccuracy


  • Please log in to reply
31 replies to this topic

#1 TuF_RyDa

TuF_RyDa

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:47 AM

Posted 13 November 2005 - 11:59 AM

It all started with the ISTbar. But after going through the steps before posting a topic it was gone. However, i still get these "Advertisement" popups at random times. Here is my HJT logfile:

Logfile of HijackThis v1.99.1
Scan saved at 12:55:17 PM, on 12/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Updater.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\Program Files\Microsoft Money\System\urlmap.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qca7.hpwis.com/
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: - {34e5526b-39ed-440c-916b-7f877ac0fe03} - C:\WINDOWS\System32\jjnx.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [kfqxzk] c:\windows\system32\ogffzs.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\RunServices: [kernctl32] rundll32 kctl32.dll,initialize
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: LimeWire 4.2.6.lnk = C:\Program Files\LimeWire\LimeWire 4.2.6\LimeWire.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AOL Instant Messenger ™ - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ConferenceRoom Java Client - http://glass.webmaster.com:8000/java/cr.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2000i\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred Control) - file://C:\Program Files\AutoCAD 2000i\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2000i\AcPreview.ocx
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: bw+0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

BC AdBot (Login to Remove)

 


#2 jurgenv

jurgenv

  • Members
  • 1,093 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:08:47 AM

Posted 16 November 2005 - 09:47 AM

Hi TuF_RyDa,
I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.
Greets Jürgenv

Donation: Click me.

#3 jurgenv

jurgenv

  • Members
  • 1,093 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:08:47 AM

Posted 17 November 2005 - 01:04 PM

  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

* close after that ewido

* download, install and update 1 of the following free antivirus, because I see you don't have any AV installed on your computer!
AVG free
or
Avast! home edition 4
or
antivir

* Click on start, settings, control panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall the following if they exist:

SurfAccuracy

* if you don't really use Logitech Desktop Messenger I reccomend to uninstall it, because it slowing down your computer :thumbsup:

* Run Hijackthis again, click scan, and Put a checkmark next to each of these if they still present.

R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: - {34e5526b-39ed-440c-916b-7f877ac0fe03} - C:\WINDOWS\System32\jjnx.dll
O4 - HKLM\..\Run: [kfqxzk] c:\windows\system32\ogffzs.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\RunServices: [kernctl32] rundll32 kctl32.dll,initialize
O18 - Protocol: bw+0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7DE2660D-584C-4BE3-A8CF-D25E7692E47F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll


* After you check the items, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis

* Boot into safe mode: Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

* make sure that all hidden files and folders are visible:

To enable the viewing of Hidden files follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Put a checkmark in the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
8. Remove the checkmark from the checkbox labeled Hide protected operating system files.
9. Press the Apply button and then the OK button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

* delete following folder if it's still present:

C:\Program Files\SurfAccuracy

* and delete following files if they're still present:

C:\windows\system32\ogffzs.exe
C:\WINDOWS\System32\jjnx.dll

* open ewido trojan scanner and:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.**
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.
**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")


* Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:


Temporary Files
Temporary Internet Files
Recycle Bin


* boot back to normal and post a new hijackthis log here with the report from ewido
Greets Jürgenv

Donation: Click me.

#4 TuF_RyDa

TuF_RyDa
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:47 AM

Posted 18 November 2005 - 10:58 PM

Hey jurgenv!

Thanks alot for your help! i did what you said. and i got the Avast! home edition 4 antivirus program, and it keeps notifying me that its found a trojan called C:\WINDOWS\SYSTEM32\KBDNXCNT.DLL\[UPX] but when i 'move to chest' as recommended it says the process is in use. so i just click no action. it showed me this for another file too, but it will only show the name of the last infected thing. can i get rid of this? is it bad? Heres the new HJT log, followed by the report from ewido:

Logfile of HijackThis v1.99.1
Scan saved at 10:03:31 PM, on 18/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Updater.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\Program Files\Microsoft Money\System\urlmap.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qca7.hpwis.com/
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: LimeWire 4.2.6.lnk = C:\Program Files\LimeWire\LimeWire 4.2.6\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AOL Instant Messenger ™ - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ConferenceRoom Java Client - http://glass.webmaster.com:8000/java/cr.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2000i\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred Control) - file://C:\Program Files\AutoCAD 2000i\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2000i\AcPreview.ocx
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Heres the report from ewido:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:51:09 PM, 18/11/2005
+ Report-Checksum: 7F5C71EE

+ Scan result:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WUInst.dll\\.Owner -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WUInst.dll\\{E2F2B9D0-96B9-4B25-B90C-636ECB207D18} -> Spyware.SaveNow : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.250:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.256:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.257:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.261:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.262:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.283:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.313:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Commission-junction : Cleaned with backup
:mozilla.316:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Commission-junction : Cleaned with backup
:mozilla.317:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.319:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.321:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.323:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.324:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.325:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.326:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.346:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.355:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.367:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.368:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.369:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.370:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.391:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.392:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.406:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.407:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.422:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.424:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.425:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.428:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.439:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.449:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.450:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.469:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.470:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Clickhype : Cleaned with backup
:mozilla.504:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.508:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.541:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Goldenpalace : Cleaned with backup
:mozilla.544:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.554:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.555:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.575:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.579:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.609:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.637:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.657:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.658:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.660:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.661:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.663:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.665:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.666:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.672:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.690:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.691:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.692:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.693:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.694:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.695:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.696:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.697:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.701:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.710:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.715:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.716:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.717:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.718:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.719:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.720:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.721:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.768:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.769:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.789:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Findwhat : Cleaned with backup
:mozilla.792:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.793:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.794:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.795:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.796:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.797:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.798:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.818:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.833:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.898:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.900:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.907:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Adengage : Cleaned with backup
:mozilla.908:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Adengage : Cleaned with backup
:mozilla.909:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Adengage : Cleaned with backup
:mozilla.928:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.938:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.941:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\prdwh43m.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@fl01.ct2.comclick[1].txt -> Spyware.Cookie.Comclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ppms.popularix[1].txt -> Spyware.Cookie.Popularix : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@www.smartadserver[1].txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0D.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\75UGQO4T\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Program Files\SpyHunter\Backup\owner@adtech[2].txt.bak -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Program Files\SpyHunter\Backup\owner@centrport[1].txt.bak -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Program Files\SpyHunter\Backup\owner@trafficmp[1].txt.bak -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\WINDOWS\system32\fsearchbar.dll -> Spyware.FSBar : Cleaned with backup


::Report End

#5 TuF_RyDa

TuF_RyDa
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:47 AM

Posted 19 November 2005 - 12:30 PM

oh, i seem to have another problem now. In Microsoft Word, when i click on something at the top (like File, Edit, View...) the drop down menu is only outlined and i can't see anything inside of it.

#6 TuF_RyDa

TuF_RyDa
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:47 AM

Posted 19 November 2005 - 01:06 PM

oh nevermind. it has fixed itself. :thumbsup:

#7 jurgenv

jurgenv

  • Members
  • 1,093 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:08:47 AM

Posted 19 November 2005 - 05:44 PM

* Please download/install
Spybot Search & Destroy and AdAware

* Run Hijackthis again, click scan, and Put a checkmark next to each of these if they still present.

R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

* After you check the items, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis

* Boot into safe mode: Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

* do a full system scan with avast! and remove everything that it finds

* do a full system scan with spybot and ad-aware SE and remove everything that it finds

* boot back to normal and post a new hijackthis log here

Edited by jurgenv, 19 November 2005 - 05:45 PM.

Greets Jürgenv

Donation: Click me.

#8 jurgenv

jurgenv

  • Members
  • 1,093 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:08:47 AM

Posted 20 November 2005 - 08:16 AM

NOTE: install spybot and ad-wareSE if you haven't these already
and please before you scan with it, update the two programs before you scan
Greets Jürgenv

Donation: Click me.

#9 TuF_RyDa

TuF_RyDa
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:47 AM

Posted 20 November 2005 - 09:12 PM

I followed your instructions. While in safe mode and scaning with avast! it found the infected file C:\WINDOWS\System32\kbdnxcNT.dll\[UPX]. The recommended action was to move to chest so i did this but it did not work. it said an error has occurred during the processing of result. i tried the option to delete it, but the same message came up.

i rebooted and avast! on-access scanner is still telling me about the virus but when i try to move to chest or delete it says it cannot be processed because it is being used by another process.

I scanned with hijackthis. here is the logfile. note that the R3 line is still there even though i selected and clicked fix checked before.

Logfile of HijackThis v1.99.1
Scan saved at 9:04:44 PM, on 20/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Updater.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
c:\Program Files\Microsoft Money\System\urlmap.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qca7.hpwis.com/
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: LimeWire 4.2.6.lnk = C:\Program Files\LimeWire\LimeWire 4.2.6\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AOL Instant Messenger ™ - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ConferenceRoom Java Client - http://glass.webmaster.com:8000/java/cr.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2000i\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred Control) - file://C:\Program Files\AutoCAD 2000i\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2000i\AcPreview.ocx
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#10 jurgenv

jurgenv

  • Members
  • 1,093 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:08:47 AM

Posted 22 November 2005 - 12:53 PM

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix from here:
http://swandog46.geekstogo.com/aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.
Greets Jürgenv

Donation: Click me.

#11 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:47 AM

Posted 22 November 2005 - 03:13 PM

Hi TuF_RyDa,

Could you also do the following after you have followed jurgenv's last set of intructions and we'll come up with a fix for that R3:

Please download and install the program Registry Lite from here:

http://www.resplendence.com/reglite

Once it is installed, please double click on the icon that should now be on your desktop. If an icon is not there, then check under the programs portion of the Start Menu.

Once it is opened, copy and paste the following bold text into the address field of Registrar Lite and click "Go" (or press Enter):.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks

The URLSearchHooks key should show as a folder highlighted in blue in the left section. Now click on the icon that looks like a floppie. Give the file a name, such as SearchHooks.reg and save it to your desktop.

Now right click on SearchHooks.reg and choose Edit. A text file will open in Notepad. Copy and paste the entire contents of that file into your next post.

Thanks.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#12 TuF_RyDa

TuF_RyDa
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:47 AM

Posted 22 November 2005 - 10:49 PM

OK, here is the new HJT log and log.txt from the aproposfix folder (from jurgenv's instructions):

Logfile of HijackThis v1.99.1
Scan saved at 10:45:13 PM, on 22/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Updater.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\wuauclt.exe
c:\Program Files\Microsoft Money\System\urlmap.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qca7.hpwis.com/
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: LimeWire 4.2.6.lnk = C:\Program Files\LimeWire\LimeWire 4.2.6\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AOL Instant Messenger ™ - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ConferenceRoom Java Client - http://glass.webmaster.com:8000/java/cr.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2000i\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred Control) - file://C:\Program Files\AutoCAD 2000i\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2000i\AcPreview.ocx
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


Log of AproposFix v1

************

Running from directory:
C:\Documents and Settings\Owner\Desktop\aproposfix

************

Registry entries found:

[HKEY_LOCAL_MACHINE\Software\Cuij7Ay7Ye2m]
@="IALPORTabbabbcbAUDBHUBabbaqdb6w\\r.62b2YSTEMhgbDRIVERSbIMALTDRVcSYS"
"Device"="\\\\.\\audbhub"
"DriverPath"="C:\\WINDOWS\\System32\\drivers\\imaltdrv.sys"
"DriverName"="ialport"
"HideUninstallerName"="C:\\Program Files\\Kazgames\\dmcmssap.exe"
"UninstallerPath"="C:\\WINDOWS\\System32\\dpmeacct.exe"
"UninstallerRegKey"="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{D33FFE23-7A51-4940-B960-A97548844444}"
"UninstallerParams"="/CTUN"
"HDll"="C:\\WINDOWS\\System32\\auddbene.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
"PartnerId"="CP.IST2"
"InstallationId"="{X2a6e37f-ff5a-3c69-0512-9f149890b90c}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Kazgames\\him23msp.exe"

************

Removing hidden service:
Service ialport removed.

Removing hidden folder:
Deletion of folder Kazgames succeeded!

Deleting files:

Deletion of file C:\WINDOWS\System32\drivers\imaltdrv.sys succeeded!
Deletion of file C:\WINDOWS\System32\pdhund3d.exe succeeded!
Deletion of file C:\WINDOWS\System32\auddbene.dll succeeded!
Deletion of file C:\WINDOWS\System32\dpmeacct.exe succeeded!

Backing up files:
Done!

Removing registry entries:

REGEDIT4

[-HKEY_CURRENT_USER\Software\Cuij7Ay7Ye2m]
[-HKEY_LOCAL_MACHINE\Software\Cuij7Ay7Ye2m]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D33FFE23-7A51-4940-B960-A97548844444}]

Done!

Finished!

#13 TuF_RyDa

TuF_RyDa
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:47 AM

Posted 22 November 2005 - 10:58 PM

i just followed the instructions of Papakid.

When i click on the button that looks like a floppy, it says u need registry PRO to use that feature. :thumbsup:

#14 TuF_RyDa

TuF_RyDa
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:47 AM

Posted 22 November 2005 - 11:04 PM

oh, and that problem im having in word (when i click File, Edit, View... at the top, just the outline of a box appears with nothing inside), that problem is in the start menu as well. like when you go Start> All Programs > then move the cursor to a program with a sub menu, it just shows an outline of a box.

#15 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:47 AM

Posted 22 November 2005 - 11:58 PM

Hmm, looks like they've pulled the old Reg Lite program. Uninstall the one you downloaded and get Registrar Lite 2.00 from here:
http://www.majorgeeks.com/download469.html

Besides the blank box problem, how's PC running now? Is Avast still finding a problem?

The fate of all mankind, I see

Is in the hands of fools

--King Crimson





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users