Infected!


  • This topic is locked
23 replies to this topic

#1 KevinMac

  • Members
  • 38 posts

Posted 14 August 2006 - 07:15 PM

Dell desktop running Windows XP home.
Computer had multi-malware, despite McAfee.
Ran every kind of virus clean. It's calmed down, but will only run in safe mode.
In regular mode, when I log on I just get wallpaper.
Internet doesn't work.
Access to All Users document folder is denied.
Help?


Logfile of HijackThis v1.99.1
Scan saved at 8:08:50 PM, on 8/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
F2 - REG:system.ini: Shell=Explorer.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,cfnruxq.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137218673\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKLM\..\Run: [defender] C:\\dfndra_1.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech Harmony Remote V5.lnk = C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O18 - Protocol: bw+0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Procedure Call (RPC) Relocator (RpcRelocator) - Unknown owner - C:\WINDOWS\relocater.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


#2 Falu

  • Security Colleague
  • 3,001 posts
  • Gender:Male
  • Location:The Netherlands

Posted 17 August 2006 - 10:46 AM

Hi KevinMac, :thumbsup:

If you still need help please post a fresh HijackThis log using the Add Reply button and I'll be happy to look at it for you.

Thanks for your patience! :flowers:

#3 KevinMac

  • Topic Starter
  • Members
  • 38 posts

Posted 17 August 2006 - 07:54 PM

Here's a fresh log as requested.

Logfile of HijackThis v1.99.1
Scan saved at 8:51:19 PM, on 8/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
F2 - REG:system.ini: Shell=Explorer.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,cfnruxq.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137218673\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKLM\..\Run: [defender] C:\\dfndra_1.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech Harmony Remote V5.lnk = C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O18 - Protocol: bw+0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Procedure Call (RPC) Relocator (RpcRelocator) - Unknown owner - C:\WINDOWS\relocater.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
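The two O20 entries above point at a bare directory rather than a DLL, and the "RpcRelocator" service has no publisher and lives in the Windows root; those are the lines a helper scans for first. Below is an added triage example written for this editing pass, not a tool from this thread, from HijackThis or from ewido. It parses O20/O23 lines in the format shown in the log, applies a few of the editor's own review heuristics (unknown owner, binary directly under the Windows root, Winlogon Notify path with no file name), and cross-references the hits against "path -> detection : action" lines in the format of the ewido report posted later in the thread. The sample lines are copied from this thread; the heuristics and the scoring are assumptions chosen for illustration and only mark entries for review, they do not prove anything is malicious.

```python
"""Triage helper for HijackThis O20/O23 entries cross-checked against an
ewido-style scan report. Added example for this page; not a tool from the
thread, from HijackThis or from ewido."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: five lines copied from the HijackThis log in this thread.
SAMPLE_HJT_LOG = r"""
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Procedure Call (RPC) Relocator (RpcRelocator) - Unknown owner - C:\WINDOWS\relocater.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
"""

# Constructed sample: two lines copied from the ewido report posted later in the thread.
SAMPLE_EWIDO_REPORT = r"""
C:\WINDOWS\relocater.exe -> Backdoor.SdBot.aad : Cleaned with backup (quarantined).
C:\WINDOWS\comserv.exe -> Downloader.Adload.ch : Cleaned with backup (quarantined).
"""


@dataclass
class Finding:
    section: str                 # "O20" or "O23"
    name: str                    # display name as HijackThis printed it
    path: str                    # binary or DLL path from the log line
    reasons: List[str] = field(default_factory=list)   # heuristic hits (assumed rules)
    av_detection: Optional[str] = None                 # scanner detection name, if any

    @property
    def score(self) -> int:
        # Assumed weighting: each heuristic hit counts 1, a scanner detection counts 2.
        return len(self.reasons) + (2 if self.av_detection else 0)


def parse_hjt(text: str) -> List[Finding]:
    """Parse O20 and O23 lines; every entry becomes a Finding, with reasons only when a rule fires."""
    findings: List[Finding] = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("O23 - Service: "):
            # O23 - Service: <display name> (<short name>) - <owner> - <path>
            parts = line[len("O23 - Service: "):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            name, owner, path = parts
            f = Finding("O23", name, path)
            if owner == "Unknown owner":
                f.reasons.append("service binary carries no publisher/version information")
            if re.fullmatch(r"[A-Za-z]:\\WINDOWS\\[^\\]+", path, re.IGNORECASE):
                f.reasons.append("service binary sits directly in the Windows root directory")
            findings.append(f)
        elif line.startswith("O20 - Winlogon Notify: "):
            # O20 - Winlogon Notify: <name> - <dll path>
            parts = line[len("O20 - Winlogon Notify: "):].rsplit(" - ", 1)
            if len(parts) != 2:
                continue
            name, path = parts
            f = Finding("O20", name, path)
            if path.endswith("\\"):
                f.reasons.append("Winlogon Notify DLL path is a bare directory (no file name)")
            findings.append(f)
    return findings


def parse_ewido(text: str) -> Dict[str, str]:
    """Map lower-cased path -> detection name from 'path -> detection : action' lines."""
    detections: Dict[str, str] = {}
    for line in text.splitlines():
        m = re.match(r"^(?P<path>.+?) -> (?P<det>[^:]+?) : (?P<action>.+)$", line.strip())
        if m:
            detections[m.group("path").lower()] = m.group("det")
    return detections


def cross_reference(findings: List[Finding], detections: Dict[str, str]) -> List[Finding]:
    """Attach a scanner detection to any finding whose path the scanner also reported."""
    for f in findings:
        det = detections.get(f.path.lower())
        if det:
            f.av_detection = det
    return findings


def triage(hjt_text: str, ewido_text: str) -> List[Finding]:
    """Return only entries worth a look, highest score first (stable order on ties)."""
    findings = cross_reference(parse_hjt(hjt_text), parse_ewido(ewido_text))
    suspicious = [f for f in findings if f.reasons or f.av_detection]
    return sorted(suspicious, key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG, SAMPLE_EWIDO_REPORT):
        print(f"[{f.score}] {f.section} {f.name} -> {f.path}")
        for r in f.reasons:
            print("    -", r)
        if f.av_detection:
            print("    - scanner detection:", f.av_detection)
```

On the sample the RpcRelocator service scores highest because both heuristics fire and the scanner line names the same path; the AOL WAN Miniport service also lands in the Windows root and is listed for review only, which is why the output is a ranked checklist for a human rather than a verdict.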

#4 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:15 AM

Posted 20 August 2006 - 05:26 AM

Hi KevinMac, :thumbsup:

Welcome to BleepingComputer Forums and thanks again for your patience.

1. Download, install, and update Ewido anti-spyware
  • Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Close Ewido. Do not run it yet.
2. Download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to, click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcan worm remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

4. Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.

5. Once in Safe Mode, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Next to the scriptline to execute field click the folder icon and select alcanshorty.bfu
  • Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
6. Ewido Scan
  • Then run Ewido and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Restart back into Normal Mode.
7. Download and Save Blacklight to your desktop (choose "I ACCEPT" then click "DOWNLOAD" on the website).

Double-click blbeta.exe then accept the agreement, click > "Scan" then > "Next".

You'll see a list of all items found. There will also be a log on your desktop with the name "fsbl.xxxxxxxxxxxxxx.log" (the xxxxxxxxxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"

Please post the Blacklight report together with the Ewido text report that you saved and a new HijackThis log.

#5 KevinMac

KevinMac
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  • Local time:02:15 AM

Posted 20 August 2006 - 08:41 PM

OK, I did what you said (downloading to another computer because I still can't get online).
EXCEPT I couldn't do Blacklight, because Windows won't boot except in Safe Mode, and Blacklight doesn't work in Safe Mode.

Here's the log from ewido:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:26:48 PM 8/20/2006

+ Scan result:



C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GNU96RM3\stub_sca3[1].exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\stub_sca3.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\Documents and Settings\Jacob\Local Settings\Temporary Internet Files\Content.IE5\37PRRXCW\Installer[1].exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP495\A0039419.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\warebundle.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\Jacob\Local Settings\Temporary Internet Files\Content.IE5\DBVZTD02\NNSCAA638[1].EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\readme.html -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ATLEvents.ATLEvents -> Adware.VirtuMonde : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ATLEvents.ATLEvents.1 -> Adware.VirtuMonde : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ATLEvents.ATLEvents\CLSID -> Adware.VirtuMonde : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ATLEvents.ATLEvents\CurVer -> Adware.VirtuMonde : Cleaned with backup (quarantined).
C:\Documents and Settings\Jacob\Desktop\picture006.zip/picture06.pif -> Backdoor.SdBot.aad : Cleaned with backup (quarantined).
C:\WINDOWS\relocater.exe -> Backdoor.SdBot.aad : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OT6N85YN\dfndr[1].exe -> Downloader.Adload.ce : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP499\A0050125.exe -> Downloader.Adload.ce : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GNU96RM3\kybrd[1].exe -> Downloader.Adload.cf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP499\A0050123.exe -> Downloader.Adload.cf : Cleaned with backup (quarantined).
C:\Documents and Settings\Jacob\Local Settings\Temporary Internet Files\Content.IE5\328JRLWT\drsmartload46a[1].exe -> Downloader.Adload.ch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP499\A0050117.exe -> Downloader.Adload.ch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP499\A0050118.exe -> Downloader.Adload.ch : Cleaned with backup (quarantined).
C:\WINDOWS\comserv.exe -> Downloader.Adload.ch : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OT6N85YN\wd7gi8n[1].exe -> Downloader.Agent.ala : Cleaned with backup (quarantined).
C:\wd7gi8n.exe -> Downloader.Agent.ala : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP495\A0039410.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP495\A0039412.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Jacob\Local Settings\Temporary Internet Files\Content.IE5\UJYNERK7\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\Documents and Settings\Jacob\Local Settings\Temporary Internet Files\Content.IE5\8TG7GJGJ\stub_113_4_0_4_0[1].exe -> Downloader.TSUpdate.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP495\A0039420.exe -> Downloader.TSUpdate.o : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OT6N85YN\bootsector[1].zip -> Downloader.VB.afe : Cleaned with backup (quarantined).
C:\bootconect.exe -> Downloader.VB.afe : Cleaned with backup (quarantined).
C:\Documents and Settings\Jacob\Local Settings\Temporary Internet Files\Content.IE5\TJF3L5KM\drsmartload[1].exe -> Downloader.VB.afl : Cleaned with backup (quarantined).
C:\Documents and Settings\Jacob\Local Settings\Temporary Internet Files\Content.IE5\YPHIB6X0\drsmartload[1].exe -> Downloader.VB.afl : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GNU96RM3\drsmartload[2].exe -> Downloader.VB.afl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP492\A0038362.exe -> Downloader.VB.afl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP495\A0038429.exe -> Downloader.VB.afl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP495\A0039361.exe -> Downloader.VB.afl : Cleaned with backup (quarantined).
C:\Documents and Settings\Jacob\Local Settings\Temporary Internet Files\Content.IE5\37PRRXCW\drsmartload45a[1].exe -> Downloader.VB.afn : Cleaned with backup (quarantined).
C:\Documents and Settings\Jacob\Local Settings\Temporary Internet Files\Content.IE5\8TG7GJGJ\drsmartload849a[1].exe -> Downloader.VB.afn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP495\A0039424.exe -> Downloader.VB.afn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP499\A0050115.exe -> Downloader.VB.afn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP499\A0050116.exe -> Downloader.VB.afn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP499\A0050119.exe -> Downloader.VB.afn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP499\A0050120.exe -> Downloader.VB.afn : Cleaned with backup (quarantined).
C:\Documents and Settings\Jacob\Local Settings\Temporary Internet Files\Content.IE5\49YRW94Z\numbsoft[1].exe -> Dropper.Agent.hl : Cleaned with backup (quarantined).
C:\Documents and Settings\Jacob\Local Settings\Temporary Internet Files\Content.IE5\CN5B2UJP\webnexmk[1].exe -> Dropper.Agent.hl : Cleaned with backup (quarantined).
C:\bintheredunthat\numbsoft.exe -> Dropper.Agent.hl : Cleaned with backup (quarantined).
C:\webnexmk.exe -> Dropper.Agent.hl : Cleaned with backup (quarantined).
C:\526_620.exe -> Dropper.Mudrop.bq : Cleaned with backup (quarantined).
C:\Documents and Settings\Jacob\Local Settings\Temporary Internet Files\Content.IE5\BQOR3LOX\SS1001[1].exe -> Dropper.Small.qn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP495\A0039421.exe -> Dropper.Small.qn : Cleaned with backup (quarantined).
C:\Documents and Settings\Jacob\Local Settings\Temporary Internet Files\Content.IE5\YT1Q7E1S\wallpap[1].exe -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OT6N85YN\nwnm[1].exe -> Hijacker.VB.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP499\A0050121.exe -> Hijacker.VB.fb : Cleaned with backup (quarantined).
C:\Documents and Settings\Jacob\Local Settings\Temporary Internet Files\Content.IE5\328JRLWT\kybrd_1[1].exe -> Hijacker.VB.fc : Cleaned with backup (quarantined).
C:\Documents and Settings\Jacob\Local Settings\Temporary Internet Files\Content.IE5\DBVZTD02\nwnm_1[1].exe -> Hijacker.VB.fc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP499\A0050122.exe -> Hijacker.VB.fc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP499\A0050124.exe -> Hijacker.VB.fc : Cleaned with backup (quarantined).
C:\Documents and Settings\Jacob\Local Settings\Temporary Internet Files\Content.IE5\49YRW94Z\dfndra_1[1].exe -> Hijacker.VB.nh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP499\A0050126.exe -> Hijacker.VB.nh : Cleaned with backup (quarantined).
C:\Documents and Settings\Jacob\Local Settings\Temporary Internet Files\Content.IE5\UJYNERK7\new[1].htm -> Not-A-Virus.Constructor.Perl.Msdds.b : Ignored.
C:\Documents and Settings\Jacob\Cookies\jacob@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Fran\Cookies\fran@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Fran\Cookies\fran@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@ning.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@polo.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@snapfish.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@solmeliahotels.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jacob\Local Settings\Temp\Cookies\jacob@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Tess\Cookies\tess@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jacob\Local Settings\Temp\Cookies\jacob@abetterinternet[2].txt -> TrackingCookie.Abetterinternet : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\Jacob\Local Settings\Temp\Cookies\jacob@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Fran\Cookies\fran@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@servedby.advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Jacob\Local Settings\Temp\Cookies\jacob@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Jacob\Local Settings\Temp\Cookies\jacob@servedby.advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Tess\Cookies\tess@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Tess\Cookies\tess@servedby.advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@adviva[1].txt -> TrackingCookie.Adviva : Cleaned.
C:\Documents and Settings\Fran\Cookies\fran@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Jacob\Local Settings\Temp\Cookies\jacob@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Tess\Cookies\tess@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Jacob\Local Settings\Temp\Cookies\jacob@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Jacob\Local Settings\Temp\Cookies\jacob@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Jacob\Local Settings\Temp\Cookies\jacob@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Jacob\Local Settings\Temp\Cookies\jacob@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Tess\Cookies\tess@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Fran\Cookies\fran@centrport[1].txt -> TrackingCookie.Centrport : Cleaned.
C:\Documents and Settings\Jacob\Local Settings\Temp\Cookies\jacob@centrport[1].txt -> TrackingCookie.Centrport : Cleaned.
C:\Documents and Settings\Kevin\Cookies\kevin@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@commission-junction[2].txt -> TrackingCookie.Commission-junction : Cleaned.
C:\Documents and Settings\Jacob\Local Settings\Temp\Cookies\jacob@commission-junction[1].txt -> TrackingCookie.Commission-junction : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Fran\Cookies\fran@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Jacob\Local Settings\Temp\Cookies\jacob@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\RECYCLER\S-1-5-21-2452429916-520820011-2068546229-1007\Dc4.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Jacob\Local Settings\Temp\Cookies\jacob@a.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Jacob\Local Settings\Temp\Cookies\jacob@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Jacob\Local Settings\Temp\Cookies\jacob@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Tess\Cookies\tess@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
C:\Documents and Settings\Jacob\Local Settings\Temp\Cookies\jacob@gator[2].txt -> TrackingCookie.Gator : Cleaned.
C:\Documents and Settings\Fran\Cookies\fran@ehg-moma.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fran\Cookies\fran@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@ehg-411web.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@ehg-boltmedia.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@ehg-glam.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@ehg-helio.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@ehg-hollywoodmedia.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@ehg-ifilm.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@ehg-knightridder.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@ehg-meevee.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@ehg-nestleusainc.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@ehg-salonmedia.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@hg1.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Jacob\Local Settings\Temp\Cookies\jacob@ehg-aol.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Jacob\Local Settings\Temp\Cookies\jacob@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Tess\Cookies\tess@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@linksynergy[2].txt -> TrackingCookie.Linksynergy : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Fran\Cookies\fran@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Jacob\Local Settings\Temp\Cookies\jacob@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@stat.onestat[1].txt -> TrackingCookie.Onestat : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Jacob\Local Settings\Temp\Cookies\jacob@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Jacob\Local Settings\Temp\Cookies\jacob@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\Jacob\Local Settings\Temp\Cookies\jacob@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\Fran\Cookies\fran@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Jacob\Local Settings\Temp\Cookies\jacob@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Fran\Cookies\fran@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Jacob\Local Settings\Temp\Cookies\jacob@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@searchingbooth[2].txt -> TrackingCookie.Searchingbooth : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Jacob\Local Settings\Temp\Cookies\jacob@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Jacob\Local Settings\Temp\Cookies\jacob@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Jacob\Local Settings\Temp\Cookies\jacob@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Jacob\Local Settings\Temp\Cookies\jacob@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\RECYCLER\S-1-5-21-2452429916-520820011-2068546229-1007\Dc3.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Jacob\Cookies\jacob@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Jacob\Local Settings\Temp\Cookies\jacob@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP495\A0039367.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP495\A0039407.exe -> Trojan.Zapchast.bl : Cleaned with backup (quarantined).


::Report end

I'll put the new HijackThis log in the next post - I think this one's getting too long.

#6 KevinMac

KevinMac
  • Topic Starter

  • Members
  • 38 posts
  • Local time:02:15 AM

Posted 20 August 2006 - 08:48 PM

Here's the new HijackThis log (ewido log is in the previous post).
Oh, by the way. When cleaning, it said that one of my photos was infected (I can't find my photos any more) but that it was part of an archived folder so it would have to quarantine the whole thing.



Logfile of HijackThis v1.99.1
Scan saved at 9:42:06 PM, on 8/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
F2 - REG:system.ini: Shell=Explorer.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,cfnruxq.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137218673\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech Harmony Remote V5.lnk = C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O18 - Protocol: bw+0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Procedure Call (RPC) Relocator (RpcRelocator) - Unknown owner - C:\WINDOWS\relocater.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


THANKS A LOT, Falu.

#7 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:15 AM

Posted 22 August 2006 - 02:11 AM

Hi KevinMac, :thumbsup:

THANKS A LOT, Falu.


You're very welcome.

1. Download SDFix and save it to your desktop. Do not run it yet.

2. Download ATF Cleaner by Atribune. Do not run it yet.

3. Reboot and as the computer starts up, just before Windows starts to load, tap the F8 key a few times and then choose Safe Mode from the menu that will appear.

4.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.

5. Run HijackThis, click Scan and checkmark the following entries:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=Explorer.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,cfnruxq.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\
O23 - Service: Remote Procedure Call (RPC) Relocator (RpcRelocator) - Unknown owner - C:\WINDOWS\relocater.exe (file missing)


Close all browsers and windows, except for HijackThis and click the Fix Checked button; close HijackThis!

6. Make sure you can view all files. Click Start >My Computer > Tools > Folder Options >View. Check "Show hidden files and folders", uncheck "Hide protected operating system files" and "Hide extensions for known file types". Click "Apply to all folders" >Apply then OK.

7. Reboot again into Safe Mode.

8. Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete the following files in bold if listed:

C:\WINDOWS\system32\cfnruxq.exe
C:\WINDOWS\relocater.exe

Let me know if you had problems with this step.

9. Go to Start->Run, type CMD and click Ok.

Alternatively, press Ctrl+Alt+Delete to bring up the Task Manager. While holding down the Ctrl key, click on New Task. Once the MS-DOS window comes up, minimize the Task Manager.

At the prompt type the following and press Enter after each line:

SC Stop RpcRelocator
SC Delete RpcRelocator
Exit

10. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use the Firefox browser: click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser: click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Reboot to go back into Normal Mode and post Report.txt together with a fresh HijackThis log for review and let me know how things are running now.

#8 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:15 AM

Posted 24 August 2006 - 08:36 AM

Hi KevinMac, :thumbsup:

Unfortunately SDFix has been withdrawn for the moment.

There is a tool that does work in safe mode too.

1. Download ATF Cleaner by Atribune. Do not run it yet.

2. Download GMER from here! Unzip it to the desktop (right-click and click Extract all). Do not run it yet.

3. Reboot and as the computer starts up, just before Windows starts to load, tap the F8 key a few times and then choose Safe Mode from the menu that will appear.

4. Run HijackThis, click Scan and checkmark the following entries:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=Explorer.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,cfnruxq.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\
O23 - Service: Remote Procedure Call (RPC) Relocator (RpcRelocator) - Unknown owner - C:\WINDOWS\relocater.exe (file missing)


Close all browsers and windows, except for HijackThis and click the Fix Checked button; close HijackThis!

5. Make sure you can view all files. Click Start >My Computer > Tools > Folder Options >View. Check "Show hidden files and folders", uncheck "Hide protected operating system files" and "Hide extensions for known file types". Click "Apply to all folders" >Apply then OK.

6. Run GMER.exe

Click the Rootkit tab and click the Scan button.

Warning! Please do not select the "Show all" checkbox during the scan.

Once done, click the Copy button; this will copy the results to your clipboard. Paste the results here in your next reply.

7. Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete the following files in bold if listed:

C:\WINDOWS\system32\cfnruxq.exe
C:\WINDOWS\relocater.exe

Let me know if you had problems with this step.

8. Go to Start->Run, type CMD and click Ok.

Alternatively, press Ctrl+Alt+Delete to bring up the Task Manager. While holding down the Ctrl key, click on New Task. Once the MS-DOS window comes up, minimize the Task Manager.

At the prompt type the following and press Enter after each line:

SC Stop RpcRelocator
SC Delete RpcRelocator
Exit

9. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use the Firefox browser: click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser: click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Reboot to go back into Normal Mode and post the GMER report together with a fresh HijackThis log for review and let me know how things are running now.
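
Both of Falu's replies above hand-pick the same HijackThis entries for the same reasons: the extra executable appended to the UserInit line, the two O20 Winlogon Notify entries that point at a bare directory instead of a DLL, the O23 service whose binary is missing and whose owner is unknown, and the orphaned "(no file)" O2/O3/O9 entries. The script below is an added example, not part of Falu's posts and not code from HijackThis: it parses lines in the HijackThis v1.99 format, applies those checks mechanically, and emits the `sc stop` / `sc delete` pair that step 8 types by hand for every service it flags. The embedded sample log is constructed from a subset of the lines KevinMac posted; the line-format assumptions (fields separated by " - ", the service short name in trailing parentheses) are noted in the comments.

```python
"""Triage a HijackThis v1.99 log for the persistence indicators picked out
in this thread.  Added example; not HijackThis code and not from the post."""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the lines posted in this thread, in the
# v1.99 line format (assumption: "Oxx - <kind>: <fields separated by ' - '>").
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
F2 - REG:system.ini: Shell=Explorer.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,cfnruxq.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: Remote Procedure Call (RPC) Relocator (RpcRelocator) - Unknown owner - C:\WINDOWS\relocater.exe (file missing)
"""


@dataclass
class Finding:
    section: str      # HijackThis section tag, e.g. "F2", "O20", "O23"
    severity: str     # "high": live persistence; "low": orphaned entry
    reason: str
    line: str
    name: str = ""    # service short name, filled for O23 findings


def _csv_tokens(value: str) -> list[str]:
    """Split a system.ini-style value on commas, dropping empty tokens
    (HijackThis prints a trailing comma even when nothing follows)."""
    return [t.strip() for t in value.split(",") if t.strip()]


def _parse_o23(rest: str):
    """'display (ShortName) - owner - path' -> (short, owner, path).
    Split from the right so a ' - ' inside the display name is harmless."""
    parts = rest.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    display, owner, path = (p.strip() for p in parts)
    m = re.search(r"\(([^()]+)\)$", display)      # assumption: short name last in ()
    return (m.group(1) if m else display), owner, path


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()

        # F2: winlogon runs every comma-separated entry of UserInit/Shell,
        # so anything after userinit.exe / Explorer.exe is a foreign loader.
        if line.startswith("F2 - REG:system.ini: UserInit="):
            tokens = _csv_tokens(line.split("=", 1)[1])
            if not tokens or not tokens[0].lower().endswith(r"\system32\userinit.exe"):
                findings.append(Finding("F2", "high", "UserInit does not start with system32\\userinit.exe", line))
            for extra in tokens[1:]:
                findings.append(Finding("F2", "high", f"extra executable appended to UserInit: {extra}", line))
        elif line.startswith("F2 - REG:system.ini: Shell="):
            tokens = _csv_tokens(line.split("=", 1)[1])
            if not tokens or tokens[0].lower() != "explorer.exe":
                findings.append(Finding("F2", "high", "Shell is not Explorer.exe", line))
            for extra in tokens[1:]:
                findings.append(Finding("F2", "high", f"extra shell appended: {extra}", line))

        # O2/O3/O9: the registry still names a COM object whose file is gone.
        elif line[:3] in ("O2 ", "O3 ", "O9 ") and line.endswith("(no file)"):
            findings.append(Finding(line[:2], "low", "orphaned entry, binary no longer present", line))

        # O20: a Winlogon Notify package must be a DLL; a bare directory means
        # the value names a DLL that HijackThis could not resolve.
        elif line.startswith("O20 - Winlogon Notify:"):
            path = line.rsplit(" - ", 1)[-1].strip()
            if path.endswith("\\") or not path.lower().endswith(".dll"):
                findings.append(Finding("O20", "high", f"Winlogon Notify package is not a DLL path: {path}", line))

        # O23: a service with a missing binary or an unknown owner is the
        # dropper residue Falu's step 8 removes with sc.exe.
        elif line.startswith("O23 - Service: "):
            parsed = _parse_o23(line[len("O23 - Service: "):])
            if parsed is None:
                continue
            short, owner, path = parsed
            if path.endswith("(file missing)") or owner == "Unknown owner":
                findings.append(Finding("O23", "high", f"service {short} ({owner}): {path}", line, name=short))
    return findings


def service_removal_commands(findings: list[Finding]) -> list[str]:
    """The sc.exe pair from step 8, generated for every flagged service."""
    cmds: list[str] = []
    for f in findings:
        if f.section == "O23" and f.severity == "high" and f"sc stop {f.name}" not in cmds:
            cmds += [f"sc stop {f.name}", f"sc delete {f.name}"]
    return cmds


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.section}: {f.reason}")
    print("\n".join(service_removal_commands(triage(SAMPLE_LOG))))
```

Run against the sample it reports the UserInit hitchhiker, both Winlogon Notify entries and the RpcRelocator service as high, the dead Google Toolbar BHO as low, and prints `sc stop RpcRelocator` / `sc delete RpcRelocator`. The script only reads the log; deleting the files and the service is still the manual step the post describes, and the checks deliberately ignore O4 Run keys, where a vendor name alone says nothing about whether the binary is legitimate.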

#9 KevinMac

KevinMac
  • Topic Starter

  • Members
  • 38 posts
  • Local time:02:15 AM

Posted 24 August 2006 - 10:25 AM

Thanks, Falu. All the steps ran successfully, but I still can only start Windows in Safe Mode. That is, I get to the log on screen, but when I log on a user, I only get wallpaper - no icons.
Anyway, here's the GMER report. The new HijackThis log is in the next message, because I don't think it will fit.

GMER
GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-24 11:03:55
Windows 5.1.2600 Service Pack 2


---- Devices - GMER 1.0.10 ----

Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CREATE E1848230

---- Files - GMER 1.0.10 ----

File C:\Documents and Settings\All Users\Documents\AOL Downloads
File C:\Documents and Settings\All Users\Documents\DESKTOP.INI
File C:\Documents and Settings\All Users\Documents\My Music
File C:\Documents and Settings\All Users\Documents\My Music\AlbumArtSmall.jpg
File C:\Documents and Settings\All Users\Documents\My Music\AlbumArt_{79D3A434-2D93-4194-AD18-F79744B5CF43}_Large.jpg
File C:\Documents and Settings\All Users\Documents\My Music\AlbumArt_{79D3A434-2D93-4194-AD18-F79744B5CF43}_Small.jpg
File C:\Documents and Settings\All Users\Documents\My Music\Desktop.ini
File C:\Documents and Settings\All Users\Documents\My Music\Folder.jpg
File C:\Documents and Settings\All Users\Documents\My Music\MUSIC.ASX
File C:\Documents and Settings\All Users\Documents\My Music\MUSIC.BMP
File C:\Documents and Settings\All Users\Documents\My Music\MUSIC.WMA
File C:\Documents and Settings\All Users\Documents\My Music\My Playlists
File C:\Documents and Settings\All Users\Documents\My Music\Sample Music
File C:\Documents and Settings\All Users\Documents\My Music\Sample Music\AlbumArtSmall.jpg
File C:\Documents and Settings\All Users\Documents\My Music\Sample Music\AlbumArt_{08115859-E625-4BCD-83A8-57E01873B42F}_Large.jpg
File C:\Documents and Settings\All Users\Documents\My Music\Sample Music\AlbumArt_{08115859-E625-4BCD-83A8-57E01873B42F}_Small.jpg
File C:\Documents and Settings\All Users\Documents\My Music\Sample Music\AlbumArt_{EFFDEB51-C913-4EE1-8B2A-C80112057955}_Large.jpg
File C:\Documents and Settings\All Users\Documents\My Music\Sample Music\AlbumArt_{EFFDEB51-C913-4EE1-8B2A-C80112057955}_Small.jpg
File C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma
File C:\Documents and Settings\All Users\Documents\My Music\Sample Music\DESKTOP.INI
File C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Folder.jpg
File C:\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma
File C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db
File C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists
File C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0B0B0BE0
File C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0B0B0BE0\Favorites -- 4 and 5 star rated.wpl
File C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0B0B0BE0\Favorites -- Have not heard recently.wpl
File C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0B0B0BE0\Favorites -- Listen to late at night.wpl
File C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0B0B0BE0\Favorites -- Listen to on Weekdays.wpl
File C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0B0B0BE0\Favorites -- Listen to on Weekends.wpl
File C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0B0B0BE0\Favorites -- One Audio CD worth.wpl
File C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0B0B0BE0\Favorites -- One Data CD-R worth.wpl
File C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0B0B0BE0\Fresh tracks -- yet to be played.wpl
File C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0B0B0BE0\Fresh tracks -- yet to be rated.wpl
File C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0B0B0BE0\Fresh tracks.wpl
File C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0B0B0BE0\High bitrate media in my library.wpl
File C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0B0B0BE0\Low bitrate media in my library.wpl
File C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0B0B0BE0\Music tracks I dislike.wpl
File C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0B0B0BE0\Music tracks I have not rated.wpl
File C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0B0B0BE0\Music tracks with content protection.wpl
File C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\desktop.ini
File C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists
File C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\14D771A8
File C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\14D771A8\01_Music_auto_rated_at_5_stars.wpl
File C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\14D771A8\02_Music_added_in_the_last_month.wpl
File C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\14D771A8\03_Music_rated_at_4_or_5_stars.wpl
File C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\14D771A8\04_Music_played_in_the_last_month.wpl
File C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\14D771A8\05_Pictures_taken_in_the_last_month.wpl
File C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\14D771A8\06_Pictures_rated_4_or_5_stars.wpl
File C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\14D771A8\07_TV_recorded_in_the_last_week.wpl
File C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\14D771A8\08_Video_rated_at_4_or_5_stars.wpl
File C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\14D771A8\09_Music_played_the_most.wpl
File C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\14D771A8\10_All_Music.wpl
File C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\14D771A8\11_All_Pictures.wpl
File C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\14D771A8\12_All_Video.wpl
File C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\desktop.ini
File C:\Documents and Settings\All Users\Documents\My Pictures
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 Anniversary hike -DW Gap
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 anniversary hike- DW Gap.pvm
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 April Tess & Jake concert
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 April Tess, Jake concert.pvm
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0247.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0248.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0249_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0250_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0251_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0252_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0253_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0254_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0255_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0256_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0257.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0258.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0259_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0260_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0261_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0262_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0263.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0264.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0265.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0266_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0267.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0268.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0268_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0269.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0269_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0270_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0271_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0272.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0272_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0273_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0274_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0275_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0276_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0277.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0278.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0279_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0280_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0281_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0282.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0283.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0284_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0285_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0286.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0287.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0288.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0289_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0290_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0291_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0292_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0293.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0294_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0295_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0296_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0297_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0298_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0299_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0300_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0301_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0302_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0303_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0304_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0305.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0306_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0307_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0308.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0309_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0310.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0311.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0312.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0313_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0314.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0315_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0316_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0317_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0318.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0319.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0320.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0323.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0324.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0325.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0326.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0327.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0328_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0329_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0330_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0331_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0332.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\img_0333_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0334.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0335.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0336.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0337_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0338.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0339.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0340.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0341.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0342.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0343_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0344_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0345.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0346.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0347.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0348.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0349_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0350_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0351.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0352.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0353.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0354.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0355_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0356.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0357_r1 (2).jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0357_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0358.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0359.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0360_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0361_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0362_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0363.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0364_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0365.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0366_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0367_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0368_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0369.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0370.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0371.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0372.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0373_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0374.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0375_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\IMG_0376.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\Thumbs.db
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 California vacation\ZbThumbnail.info
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 Fran haircut
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 Fran haircut, kids.pvm
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 May June album.pvm
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 May Tess soccer tournament Vipers
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 May Tess soccer tournament Vipers\DSC_0013.NEF
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 May Tess soccer tournament Vipers\DSC_0159.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 May Tess soccer tournament Vipers\DSC_0169.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 May Tess soccer tournament Vipers\DSC_0182.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 May Tess soccer tournament Vipers\DSC_0183.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 May Tess soccer tournament Vipers\DSC_0206.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 May Tess soccer tournament Vipers\DSC_0207.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 May Tess soccer tournament Vipers\DSC_0239.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 May Tess soccer tournament Vipers\DSC_0271.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 May Tess soccer tournament Vipers\DSC_0280.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 May Tess soccer tournament Vipers\DSC_0282.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 May Tess soccer tournament Vipers\DSC_0304.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 May Tess soccer tournament Vipers\DSC_0350.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 May Tess soccer tournament Vipers\DSC_0377.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 May Tess soccer tournament Vipers\DSC_0380.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 May Tess soccer tournament Vipers\DSC_0383.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 May Tess soccer tournament Vipers\Thumbs.db
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 May Tess soccer tournament Vipers\ZbThumbnail.info
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 May Tess Vipers tournament.pvm
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 May-June
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 October Fran
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 October Fran\103_0377_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 October Fran\103_0378_r1.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 October Fran\Thumbs.db
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 October Fran\ZbThumbnail.info
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 October Fran.pvm
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 Summer California vacation.pvm
File C:\Documents and Settings\All Users\Documents\My Pictures\2004 unedited & sideways
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 August Litchfield Jazz.pvm
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 Dec 30.pvm
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 guitar etc
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 guitar etc\IMG_0453.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 guitar etc\IMG_0454.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 guitar etc\IMG_0455.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 guitar etc\IMG_0456.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 guitar etc\IMG_0457.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 guitar etc\IMG_0460.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 guitar etc\jake cropped.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 guitar etc\Thumbs.db
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 July 16.pvm
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 June Tess
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 June Tess\IMG_0054.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 June Tess\IMG_0056.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 June Tess\IMG_0063.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 June Tess\IMG_0064.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 June Tess\IMG_0065.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 June Tess\IMG_0067.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 June Tess\IMG_0069.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 June Tess\IMG_0070.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 June Tess\IMG_0071.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 June Tess\IMG_0072.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 June Tess\IMG_0073.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 June Tess\IMG_0074.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 June Tess\IMG_0075.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 June Tess\IMG_0076.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 June Tess\IMG_0077.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 June Tess\IMG_0079.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 June Tess\IMG_0080.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 June Tess\IMG_0082.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 June Tess\IMG_0083.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 June Tess\IMG_0086.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 June Tess\IMG_0088.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 June Tess\Thumbs.db
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 Litchfield Jake
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 Litchfield Jake\IMG_0415.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 Litchfield Jake\IMG_0416.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 Litchfield Jake\IMG_0417.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 Litchfield Jake\IMG_0418.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 Litchfield Jake\IMG_0419.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 Litchfield Jake\IMG_0420.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 Litchfield Jake\IMG_0421.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 Litchfield Jake\IMG_0422.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 Litchfield Jake\IMG_0423.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 Litchfield Jake\IMG_0424.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 Litchfield Jake\IMG_0425.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 Litchfield Jake\IMG_0426.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 Litchfield Jake\IMG_0427.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 Litchfield Jake\IMG_0428.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 Litchfield Jake\IMG_0429.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 Litchfield Jake\IMG_0430.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 Litchfield Jake\IMG_0431.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 Litchfield Jake\IMG_0432.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 Litchfield Jake\IMG_0433.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 Litchfield Jake\IMG_0434.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 Litchfield Jake\IMG_0435.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 Litchfield Jake\IMG_0436.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 Litchfield Jake\IMG_0437.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 Litchfield Jake\IMG_0438.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 Litchfield Jake\IMG_0439.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 Litchfield Jake\IMG_0440.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 Litchfield Jake\IMG_0441.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 Litchfield Jake\IMG_0442.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 Litchfield Jake\IMG_0443.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 Litchfield Jake\IMG_0444.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 Litchfield Jake\IMG_0445.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 Litchfield Jake\IMG_0446.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 Litchfield Jake\IMG_0447.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 Litchfield Jake\Thumbs.db
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\IMG_0379.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\IMG_0380.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\IMG_0381.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\IMG_0382.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\IMG_0383.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\IMG_0384.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\IMG_0385.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\IMG_0386.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\IMG_0387.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\IMG_0388.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\IMG_0389.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\IMG_0390.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\IMG_0391.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\IMG_0392.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\IMG_0393.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\IMG_0394.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\IMG_0395.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\IMG_0396.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\IMG_0397.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\IMG_0398.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\IMG_0399.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\IMG_0400.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\IMG_0401.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\IMG_0402.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\IMG_0403.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\IMG_0404.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\IMG_0405.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\IMG_0406.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\IMG_0407.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\IMG_0408.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\IMG_0409.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\IMG_0410.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\IMG_0411.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\IMG_0412.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\IMG_0413.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\IMG_0414.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\Tess face.jpg
File C:\Documents and Settings\All Users\Documents\My Pictures\2005 may june\Thumbs.db
File C:\Documents and Settings\All Users\Documents\My Pictures\2006 Jan 2.pvm
File C:\Documents and Settings\All Users\Documents\My Pictures\2006 June debate sign.pvm
File C:\Documents and Settings\All Users\Documents\My Pictures\2006 June sign etc
File C:\Documents and Settings\All Users\Documents\My Pictures\2006 June sign etc\IMG_0498.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006 June sign etc\IMG_0499.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006 June sign etc\IMG_0500.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006 June sign etc\IMG_0501.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006 June sign etc\IMG_0502.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006 June sign etc\IMG_0503.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006 May 20 [1].pvm
File C:\Documents and Settings\All Users\Documents\My Pictures\2006 May 20 [2].pvm
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0348.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0349.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0355.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0356.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0365.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0366.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0367.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0368.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0369.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0370.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0371.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0372.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0373.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0375.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0378.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0379.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0380.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0382.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0383.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0384.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0385.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0386.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0387.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0388.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0389.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0390.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0391.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0392.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0394.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0396.JPG
File C:\Documents and Set

#10 KevinMac

KevinMac
  • Topic Starter

  • Members
  • 38 posts

Posted 24 August 2006 - 10:27 AM

(See prior post for GMER log and update) Here's the new HijackThis log, which didn't fit in the prior post:

Logfile of HijackThis v1.99.1
Scan saved at 11:16:48 AM, on 8/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137218673\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech Harmony Remote V5.lnk = C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O18 - Protocol: bw+0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

There it is.

#11 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • Gender:Male
  • Location:The Netherlands

Posted 26 August 2006 - 02:24 AM

Hi KevinMac, :thumbsup:

File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0396.JPG
File C:\Documents and Set...............


Nothing wrong in the GMER report, for as much as I can see of it: unfortunately it's not complete. Can you check the report you have on your desktop? If that isn't complete either, could you run GMER one more time and post the complete report?

Run HijackThis, click Scan and checkmark the following entry:

O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\

Close all browsers and windows, except for HijackThis and click the Fix Checked button; close HijackThis!

Please post the GMER report together with a fresh HijackThis log.
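
The O20 check Falu asks for, as an added example (not code from the thread and not HijackThis's own): a small Python parser for HijackThis log lines that flags Winlogon Notify entries whose handler path is only a directory, as with the C:\WINDOWS\ entry above. The sample lines are copied from the log posted in this thread, plus one constructed clean O20 entry (example.dll) for contrast; the heuristic that a bare directory rather than a DLL name makes the entry worth review is this example's own assumption, and the result is a review list for a helper, not an automatic fix.

```python
"""Parse HijackThis-style log entries and flag Winlogon Notify (O20) lines
whose handler path is only a directory.  Added example for this thread; it is
not HijackThis code.  The sample lines are copied from the log posted above,
except the 'example.dll' line, which is constructed as a clean entry for
contrast."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: lines from the posted log plus one clean O20 line.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 11:16:48 AM, on 8/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\
O20 - Winlogon Notify: example - C:\WINDOWS\system32\example.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Every HJT entry is "<code> - <body>", e.g. "O20 - Winlogon Notify: X - C:\dir\x.dll".
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")
# A path whose last component is a file name with an extension (.dll, .exe, ...).
FILE_RE = re.compile(r"(?:^|\\)[^\\]+\.[A-Za-z0-9]{2,4}$")


@dataclass
class Entry:
    code: str            # section code such as R0, O4, O20, O23
    body: str            # everything after "<code> - "
    path: Optional[str]  # last " - "-separated field, where the line has one


def parse_log(text: str) -> List[Entry]:
    """Keep only the classified entries; headers and the process list are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        parts = body.split(" - ")
        path = parts[-1].strip() if len(parts) > 1 else None
        entries.append(Entry(m.group("code"), body, path))
    return entries


def looks_like_file_path(path: str) -> bool:
    """True when the path names a file (last component has an extension)."""
    return bool(FILE_RE.search(path))


def suspicious_winlogon_notify(entries: List[Entry]) -> List[Entry]:
    """O20 entries whose handler is missing or points at a directory, not a DLL.

    Heuristic assumption of this example: a Winlogon Notify package should name
    a DLL; a bare directory such as the C:\\WINDOWS\\ entry above deserves review.
    """
    return [
        e for e in entries
        if e.code == "O20" and "Winlogon Notify" in e.body
        and (e.path is None or not looks_like_file_path(e.path))
    ]


def count_by_code(entries: List[Entry]) -> Dict[str, int]:
    """Number of entries per HJT section code, handy for a quick overview."""
    return dict(Counter(e.code for e in entries))


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("entries per section:", count_by_code(parsed))
    for hit in suspicious_winlogon_notify(parsed):
        print("review:", hit.code, "-", hit.body)
```

Run against the sample, the only entry returned for review is the WindowsUpdate line with the bare C:\WINDOWS\ path; the constructed example.dll entry passes because its path ends in a DLL file name. The parser deliberately ignores the process list and header lines, so a full pasted log can be fed in unchanged.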

#12 KevinMac

KevinMac
  • Topic Starter

  • Members
  • 38 posts

Posted 26 August 2006 - 03:08 PM

Sorry, Falu, and thanks again for sticking with this.
The GMER log was very long, and I think perhaps it didn't fit in one post.
Here's the second half of the GMER log (with some overlap just to make sure). The next post will have the fresh HijackThis log. By the way, the virus/malware seems to have something to do with my photos? It prevented me from accessing the All Users folder, which was locked.

File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0348.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0349.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0355.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0356.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0365.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0366.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0367.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0368.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0369.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0370.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0371.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0372.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0373.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0375.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0378.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0379.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0380.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0382.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0383.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0384.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0385.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0386.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0387.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0388.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0389.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0390.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0391.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0392.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0394.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0396.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0397.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0398.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0399.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0401.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0402.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0403.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0404.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0405.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0406.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0408.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0409.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0410.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0411.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0412.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0413.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0414.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0415.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0416.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0417.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0419.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0420.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0421.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0422.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0423.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0424.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0425.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0426.JPG
File C:\Documents and Settings\All Users\Documents\My Pictures\2006-01 (Jan)-02\IMG_0427.JPG
---- EOF - GMER 1.0.10 ----

#13 KevinMac

KevinMac
  • Topic Starter

  • Members
  • 38 posts

Posted 26 August 2006 - 03:12 PM

And here's the fresh HijackThis log. (Rest of GMER log in previous post.)
Oops, I ran it before scanning and fixing the one line you recommended, but I did it. Now my USB drive won't work, so I can't get info from the working computer to the nonworking one. Grr.

Logfile of HijackThis v1.99.1
Scan saved at 4:08:19 PM, on 8/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137218673\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech Harmony Remote V5.lnk = C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O18 - Protocol: bw+0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\
[[NOTE: I scanned and removed this line after running this HJT log]]

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Edited by KevinMac, 27 August 2006 - 12:38 AM.
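As an added example (not code from this thread or from HijackThis), a small Python parser for the entry lines HijackThis 1.99.1 prints, run over a constructed sample built from lines of the log above: it collapses the repeated O18 protocol-handler entries to the DLLs they register and flags the two things a reader checks by hand on such a log, O20 Winlogon Notify entries whose target is not a .dll and O4 Run entries that name a program without a directory. The checks are triage aids, not verdicts; CLSIDs and file names in the sample come from the thread, everything else is assumed.

```python
"""Triage helper for HijackThis 1.99.1 log entries (added example, not HijackThis code)."""
import ntpath
import re
from collections import defaultdict

# An entry line is "<code> - <kind>: <body>", for example
# "O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\"; R0/R1 lines carry no kind label.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<kind>[^:]+?): (?P<body>.*)$")
REG_RE = re.compile(r"^(?P<code>R\d+) - (?P<body>.*)$")

# Constructed sample: lines copied from the log posted above, plus header lines to ignore.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - Global Startup: Digital Line Detect.lnk = ?
O18 - Protocol: bw+0 - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A84FEC9F-F23A-4944-9687-944BF68268E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
"""


def parse_hjt_line(line):
    """Return {'code', 'kind', 'body'} for an entry line, None for any other line."""
    m = ENTRY_RE.match(line.rstrip())
    if m:
        return m.groupdict()
    m = REG_RE.match(line.rstrip())
    if m:
        return {"code": m.group("code"), "kind": "Registry", "body": m.group("body")}
    return None


def parse_hjt_log(text):
    """All entry lines of a log in order; headers and the process list are dropped."""
    return [e for e in map(parse_hjt_line, text.splitlines()) if e]


def first_program(command):
    """Program an O4 command line starts; for RUNDLL32, the DLL it is told to load."""
    command = command.strip()
    if command.startswith('"'):
        prog, _, rest = command[1:].partition('"')
    else:
        prog, _, rest = command.partition(" ")
    if prog.lower().endswith("rundll32.exe"):
        # "RUNDLL32.EXE C:\...\NvCpl.dll,NvStartup" -> "C:\...\NvCpl.dll"
        prog = rest.strip().split(" ", 1)[0].split(",", 1)[0]
    return prog


def run_entries_without_directory(entries):
    """O4 Run entries naming a program with no directory, e.g. 'CTHELPER.EXE'.

    Such a program is resolved via the search path, so the reviewer has to locate
    the file that actually runs before accepting the entry as the expected one.
    """
    found = []
    for e in entries:
        if e["code"] != "O4" or not e["body"].startswith("["):
            continue
        label, _, command = e["body"][1:].partition("] ")
        prog = first_program(command)
        if prog and not ntpath.dirname(prog):
            found.append((label, prog))
    return found


def winlogon_notify_without_dll(entries):
    """O20 Winlogon Notify entries whose target is not a .dll path.

    A Notify package has to be a DLL; a bare directory, like the target on the
    O20 line the helper in this thread asked to have fixed, cannot be one.
    """
    found = []
    for e in entries:
        if e["code"] != "O20":
            continue
        name, _, target = e["body"].partition(" - ")
        if not target.lower().endswith(".dll"):
            found.append((name, target))
    return found


def group_protocol_handlers(entries):
    """Collapse O18 entries to {(CLSID, DLL): [protocol names]}; the many 'bw..'
    protocols in the log above all register the same Logitech DLL."""
    groups = defaultdict(list)
    for e in entries:
        if e["code"] != "O18":
            continue
        name, _, rest = e["body"].partition(" - ")
        clsid, _, dll = rest.partition(" - ")
        groups[(clsid, dll)].append(name)
    return {k: sorted(v) for k, v in groups.items()}
```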


#14 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • Gender:Male
  • Location:The Netherlands

Posted 27 August 2006 - 12:09 PM

Hi KevinMac,

HijackThis log looks clean as does the GMER report.

...........the all users folder, which was locked.


Okay this was your explanation in your first post:

In regular mode, when I log on I just get wallpaper.
Internet doesn't work.
Access to All Users document folder is denied.


Let's see if we can solve those two problems:

1. Click Start > All Programs > Accessories > System Tools, and then click System Restore.
* On the Welcome screen, click Restore my computer to an earlier time, and then click Next.
* On the Select a Restore Point page, select the date from the calendar that shows the point you'd like to restore to, and click Next.
* On the Confirm Restore Point Selection page, verify that the correct restore point is chosen, and then close any open programs.
* Click Next if you are ready to proceed or click Back to change the restore point.
Reboot.

2. The following procedure will work in safe mode and normal mode.

Open Explorer, go to Tools and Folder Options, and on the View tab scroll to the bottom of the list. If it shows "Enable Simple File Sharing", deselect it, click Apply and OK. If it shows nothing or won't let you make a change, move on to the next step.

Navigate to the files, right click, select Properties, go to the Security tab, click Advanced, go to the Owner tab and select the user that was logged on when you were refused permission to access the files. Click Apply and OK. Close the Properties box, reopen it, click Add and type in the name of the user you just enabled. If you wish to set ownership for everything in the folder, at the bottom of the Owner tab is the following selection: "Replace owner on subcontainers and objects"; select it as well.

Once complete, you should be able to do what you wish with these files when you log back on as that user.

Reboot and let me know how it went.

#15 KevinMac

KevinMac
  • Topic Starter

  • Members
  • 38 posts

Posted 27 August 2006 - 10:04 PM

Falu, we're getting closer bit by bit. Your directions to unlock the all users folder worked fine. All my pictures aren't lost, after all! Hooray!

But System Restore didn't work. I tried the earliest date, plus a couple of different later dates from before the problem arose. When the computer rebooted, each time it said "your computer cannot be restored to [date]". There are some later restore dates, but they are from after the problem started, so I was afraid to try them.

Windows still boots only in safe mode. In regular mode I only get wallpaper. Falu, this is a tough one, and I really appreciate your patience and effort.

EDIT: CORRECTION! When I went back downstairs, the computer had finally booted to Windows (it was stuck on wallpaper when I left it). Here are the message windows I got:
HP Instant Share could not initialize. [That's a program for sharing photos.]
(Says program is on CD-ROM.) [Can't cancel; it just pops up again in an endless loop.]
Please wait while Windows configures Instant Share
Error 1706 No valid source. Windows Installer could not continue.
I put in the installation CD-ROM and the HP Instant Share program installed OK. (I figured it was safe; it's program software from Hewlett-Packard and I've installed from the same CD-ROM before.)
I'm still getting the message saying my computer doesn't have Winsock 2.

Still not getting on the internet. Now the computer is detecting my router but says it's not getting assigned an IP address (the other computers on the network are working fine).

One other thing (this was happening for a long time before the problem started):
Every time Windows boots, an Explorer window comes up. It says "System32 - these files are hidden". I always just closed the Explorer window and it never affected anything. Probably no big deal, but who knows...

Edited by KevinMac, 28 August 2006 - 01:09 AM.

