Nvvid.exe - No Disk Found


16 replies to this topic

#1 ElvisS

ElvisS

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:48 PM

Posted 20 September 2006 - 04:39 PM

I followed instructions but not sure if this is right.

Here is my log.



Logfile of HijackThis v1.99.1
Scan saved at 10:37:01 PM, on 9/20/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\desksite\bin\cma.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\NvVid.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\regscan.exe
C:\Program Files\Logitech\SetPoint\kem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\Annie\Desktop\utorrent.exe
C:\PROGRA~1\YAHOO!\browser\ybrowser.exe
C:\Documents and Settings\Annie\Local Settings\Temp\HijackThis.exe
C:\WINDOWS\system32\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tesco.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tesco.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tesco internet access
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\System32\req.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [NvVideoCenter] C:\WINDOWS\System32\NvVid.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\System32\regscan.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} - http://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/...tivePreQual.cab
O18 - Protocol: bw+0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll



#2 ElvisS

ElvisS
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:48 PM

Posted 22 September 2006 - 06:52 AM

This is getting worse. My internet connection cuts out and the NvVid.exe message pops up every 10 seconds.
Can anyone help?

#3 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:10:48 PM

Posted 24 September 2006 - 10:16 AM

Hello ElvisS and welcome to the BC HijackThis forum. It appears that the log is too long to fit into a single post. Please rerun HijackThis and create a new log. Then split it in half and post the halves into 2 separate posts.

I will review them when they come in.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#4 ElvisS

ElvisS
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:48 PM

Posted 28 September 2006 - 12:58 PM

Sorry I didn't reply, I've been away.

Here it is.


Logfile of HijackThis v1.99.1
Scan saved at 9:34:13 PM, on 9/27/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\desksite\bin\cma.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\NvVid.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\regscan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\kem.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
C:\PROGRA~1\YAHOO!\browser\ybrowser.exe
C:\Documents and Settings\Annie\Desktop\utorrent.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tesco.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tesco.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tesco internet access
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\System32\req.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [NvVideoCenter] C:\WINDOWS\System32\NvVid.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\System32\regscan.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} - http://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/...tivePreQual.cab
O18 - Protocol: bw+0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: req - C:\WINDOWS\System32\req.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: SvcSys - {9FEBDBEF-E957-4660-B841-744D02E297C6} - svcsys.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

#5 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:10:48 PM

Posted 29 September 2006 - 04:04 PM

Hi ElvisS. Ok, let's start with an Ewido scan.

First download ewido anti-spyware from HERE and save that file to your desktop.
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process:
  • Launch ewido-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
    • Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
    • At the bottom of the window click on the "Apply all actions" button
    Note: Don't save the report before you hit the Apply action button.
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan along with a new HijackThis log.
Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#6 ElvisS


Posted 03 October 2006 - 09:35 AM

I am having trouble getting my computer into Safe mode, does the scan have to be done while in it?

#7 OldTimer


Posted 03 October 2006 - 07:13 PM

Hi ElvisS. The scan should be done from Safe Mode. If not, then the infection will be active and the chances to remove it are lower.

What happens when you go into Safe Mode?

Cheers.

OT

#8 ElvisS


Posted 04 October 2006 - 06:46 PM

When I click safe mode, my computer freezes. I waited 5 minutes and still nothing. Is this common?

#9 OldTimer


Posted 04 October 2006 - 07:42 PM

Hi ElvisS. There should not be anything to click.

Turn the computer off, then restart it. As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears. Use the arrow keys to select the Safe Mode menu item and then press the Enter key.

Do not try and restart the computer in Safe Mode while running in Normal mode.

Cheers.

OT

#10 ElvisS


Posted 09 October 2006 - 03:33 PM

Safe mode is working now, I don't know what was wrong with it. I will do a full scan and then post the report and a new log. Thanks for your help.

#11 ElvisS


Posted 19 October 2006 - 05:39 PM

Apologies for the delay, here is my report.





Here is my log. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 11:33:33 PM, on 10/19/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\desksite\bin\cma.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\regscan.exe
C:\Program Files\Logitech\SetPoint\kem.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tesco.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tesco.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tesco internet access
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\System32\regscan.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} - http://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/...tivePreQual.cab
O18 - Protocol: bw+0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: req - C:\WINDOWS\System32\req.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: SvcSys - {9FEBDBEF-E957-4660-B841-744D02E297C6} - svcsys.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

#12 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina
  • Local time:10:48 PM

Posted 21 October 2006 - 07:46 AM

Hi ElvisS. It does not appear that Ewido was configured to quarantine the items that it found. All of the items show that no action was taken.

Please go back to my previous post on setting up Ewido and make sure that Ewido is configured as directed. Then, print the directions off so you have them when you boot into Safe Mode and follow those directions as shown.

After the Ewido scan, post the new log file back here along with a new HijackThis log and I will review them when they come in.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#13 ElvisS

ElvisS
  • Topic Starter

  • Members
  • 12 posts
  • Local time:09:48 PM

Posted 24 October 2006 - 09:49 AM

---------------------------------------------------------
AVG Anti-Spyware - Scan Report

---------------------------------------------------------

+ Created at: 3:37:58

+ Scan result:



C:\System Volume Information\_restore{B55412FC-8BE6-40A6-9CEE-BEFFE9DD62A0}\RP542\A0661185.dll -> Backdoor.Delf.aml : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\int_ver30.ocx -> Dialer.Creazione.w : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B55412FC-8BE6-40A6-9CEE-BEFFE9DD62A0}\RP542\A0661202.exe -> Dialer.Salc : Cleaned with backup (quarantined).
C:\mesetup.exe -> Downloader.Agent.aox : Cleaned with backup (quarantined).
C:\WINDOWS\system32\regscan.exe -> Downloader.Agent.azr : Cleaned with backup (quarantined).
C:\Program Files\Tesconet\bar.exe -> Downloader.Agent.dq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B55412FC-8BE6-40A6-9CEE-BEFFE9DD62A0}\RP542\A0661193.exe -> Downloader.Agent.eb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B55412FC-8BE6-40A6-9CEE-BEFFE9DD62A0}\RP542\A0661187.exe -> Downloader.Agent.eq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B55412FC-8BE6-40A6-9CEE-BEFFE9DD62A0}\RP537\A0648173.DLL -> Downloader.ConHook.c : Cleaned with backup (quarantined).
C:\Program Files\Tesconet\movie.exe -> Downloader.Delf.dc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B55412FC-8BE6-40A6-9CEE-BEFFE9DD62A0}\RP542\A0661194.exe -> Downloader.Delf.dc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B55412FC-8BE6-40A6-9CEE-BEFFE9DD62A0}\RP542\A0661195.exe -> Downloader.Delf.dc : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF.tmp -> Downloader.Delf.go : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\pvvnsgwr.exe -> Downloader.Delf.og : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B55412FC-8BE6-40A6-9CEE-BEFFE9DD62A0}\RP542\A0661188.exe -> Downloader.Krepper.b : Cleaned with backup (quarantined).
C:\eied_s7.cab/eied_s7_c_29.exe -> Downloader.Mediket.ae : Cleaned with backup (quarantined).
C:\Documents and Settings\Lynsey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-4b4e04ec-283ba00d.class -> Downloader.OpenStream.y : Cleaned with backup (quarantined).
C:\wertload.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\jokload.exe -> Downloader.Small.aam : Cleaned with backup (quarantined).
C:\meload.exe -> Downloader.Small.aam : Cleaned with backup (quarantined).
C:\joksetup.exe -> Downloader.Small.crv : Cleaned with backup (quarantined).
C:\explorer.cab/explorer.exe -> Downloader.Small.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B55412FC-8BE6-40A6-9CEE-BEFFE9DD62A0}\RP542\A0661191.exe -> Downloader.Zdesnado.s : Cleaned with backup (quarantined).
C:\1.exe -> Dropper.Delf.jm : Cleaned with backup (quarantined).
C:\Documents and Settings\Annie\Local Settings\Temp\HijackThis.exe -> Dropper.Small.apz : Cleaned with backup (quarantined).
C:\Documents and Settings\Annie\Local Settings\Temp\setup_wm.exe -> Dropper.Small.apz : Cleaned with backup (quarantined).
C:\Documents and Settings\Annie\Local Settings\Temp\yuc_setup.exe -> Dropper.Small.apz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B55412FC-8BE6-40A6-9CEE-BEFFE9DD62A0}\RP537\A0648187.exe -> Dropper.Small.apz : Cleaned with backup (quarantined).
C:\WINDOWS\sdd.exe -> Dropper.Small.apz : Cleaned with backup (quarantined).
C:\Program Files\Tesconet\elite.exe -> Hijacker.Agent.af : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B55412FC-8BE6-40A6-9CEE-BEFFE9DD62A0}\RP542\A0661192.exe -> Hijacker.Agent.af : Cleaned with backup (quarantined).
C:\Program Files\Tesconet\lou34.exe -> Hijacker.Agent.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B55412FC-8BE6-40A6-9CEE-BEFFE9DD62A0}\RP542\A0661189.exe -> Hijacker.Agent.v : Cleaned with backup (quarantined).
C:\Program Files\Tesconet\good.exe -> Hijacker.StartPage.po : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B55412FC-8BE6-40A6-9CEE-BEFFE9DD62A0}\RP542\A0661190.exe -> Hijacker.StartPage.po : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B55412FC-8BE6-40A6-9CEE-BEFFE9DD62A0}\RP542\A0661186.dll -> Logger.Goldun.mm : Cleaned with backup (quarantined).
C:\wertsetup.exe -> Logger.Goldun.mm : Cleaned with backup (quarantined).
C:\Documents and Settings\Jordan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-17d434ef-5579ae18.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
C:\Documents and Settings\Jordan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-5614d664-4471cee1.class -> Not-A-Virus.Exploit.Java.Bytverify : Cleaned with backup (quarantined).
C:\121690.exe -> Not-A-Virus.PornDownloader.Win32.TibSystems : Cleaned with backup (quarantined).
C:\WINDOWS\sys2312.exe -> Proxy.Small.bh : Cleaned with backup (quarantined).
C:\WINDOWS\sys2316.exe -> Proxy.Small.bh : Cleaned with backup (quarantined).
C:\Documents and Settings\Annie\Cookies\annie@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Annie\Local Settings\Temp\Cookies\annie@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq92.tmp -> TrackingCookie.247realmedia : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB.tmp -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Annie\Local Settings\Temp\Cookies\annie@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@2o7[3].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@premiumtv.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14.tmp -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq93.tmp -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqDC.tmp -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Annie\Local Settings\Temp\Cookies\annie@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Annie\Local Settings\Temp\Cookies\annie@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Annie\Local Settings\Temp\Cookies\annie@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC0.tmp -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@adtech[1].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq96.tmp -> TrackingCookie.Adtech : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqDD.tmp -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Annie\Local Settings\Temp\Cookies\annie@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Lynsey\Cookies\lynsey@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1F.tmp -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq97.tmp -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@adviva[2].txt -> TrackingCookie.Adviva : Cleaned.
C:\Documents and Settings\Lynsey\Cookies\lynsey@adviva[2].txt -> TrackingCookie.Adviva : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq42.tmp -> TrackingCookie.Adviva : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq98.tmp -> TrackingCookie.Adviva : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Annie\Local Settings\Temp\Cookies\annie@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Lynsey\Cookies\lynsey@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9A.tmp -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC.tmp -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq13.tmp -> TrackingCookie.Bfast : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq22.tmp -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9B.tmp -> TrackingCookie.Bluestreak : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9C.tmp -> TrackingCookie.Bluestreak : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26.tmp -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Annie\Local Settings\Temp\Cookies\annie@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25.tmp -> TrackingCookie.Burstnet : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9E.tmp -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@casalemedia[3].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9F.tmp -> TrackingCookie.Casalemedia : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA1.tmp -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Annie\Local Settings\Temp\Cookies\annie@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Annie\Local Settings\Temp\Cookies\annie@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4E.tmp -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA3.tmp -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@test.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq23.tmp -> TrackingCookie.Counted : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Annie\Local Settings\Temp\Cookies\annie@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Lynsey\Cookies\lynsey@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4F.tmp -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA4.tmp -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@estat[1].txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Annie\Local Settings\Temp\Cookies\annie@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@adopt.euroclick[3].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@a.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@as-us.falkag[3].txt -> TrackingCookie.Falkag : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq20.tmp -> TrackingCookie.Falkag : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq99.tmp -> TrackingCookie.Falkag : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA5.tmp -> TrackingCookie.Falkag : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA6.tmp -> TrackingCookie.Falkag : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC4.tmp -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Annie\Local Settings\Temp\Cookies\annie@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Annie\Local Settings\Temp\Cookies\annie@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A.tmp -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA8.tmp -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA9.tmp -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17.tmp -> TrackingCookie.Findwhat : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq21.tmp -> TrackingCookie.Goldenpalace : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@ehg-knightridder.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@ehg-ladbrokes.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@ehg-sigames.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Annie\Local Settings\Temp\Cookies\annie@ehg-knightridder.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Annie\Local Settings\Temp\Cookies\annie@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@ehg-bskyb.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@ehg-sigames.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@ehg-sonycomputer.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@hitbox[3].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2B.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2D.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq44.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq45.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAA.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAB.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAC.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@counter.hitslink[1].txt -> TrackingCookie.Hitslink : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq18.tmp -> TrackingCookie.Hitslink : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A.tmp -> TrackingCookie.Hotlog : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAD.tmp -> TrackingCookie.Linksynergy : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Annie\Local Settings\Temp\Cookies\annie@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Annie\Local Settings\Temp\Cookies\annie@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10.tmp -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAF.tmp -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Annie\Local Settings\Temp\Cookies\annie@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3B.tmp -> TrackingCookie.Onestat : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB8.tmp -> TrackingCookie.Onestat : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2F.tmp -> TrackingCookie.Paycounter : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqDF.tmp -> TrackingCookie.Paycounter : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@paypopup[2].txt -> TrackingCookie.Paypopup : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq46.tmp -> TrackingCookie.Qksrv : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB0.tmp -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Annie\Local Settings\Temp\Cookies\annie@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB1.tmp -> TrackingCookie.Questionmarket : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE0.tmp -> TrackingCookie.Questionmarket : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq31.tmp -> TrackingCookie.Revenue : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB3.tmp -> TrackingCookie.Revenue : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq28.tmp -> TrackingCookie.Ru4 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq43.tmp -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq24.tmp -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq33.tmp -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB4.tmp -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC2.tmp -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@sexlist[1].txt -> TrackingCookie.Sexlist : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq34.tmp -> TrackingCookie.Sexlist : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE1.tmp -> TrackingCookie.Sexlist : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@counter3.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@counter8.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@counter9.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Annie\Local Settings\Temp\Cookies\annie@counter12.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Annie\Local Settings\Temp\Cookies\annie@counter13.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Annie\Local Settings\Temp\Cookies\annie@sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35.tmp -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq37.tmp -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38.tmp -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq39.tmp -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq47.tmp -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq50.tmp -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB5.tmp -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB6.tmp -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB7.tmp -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE2.tmp -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Annie\Local Settings\Temp\Cookies\annie@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11.tmp -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq48.tmp -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB9.tmp -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Annie\Local Settings\Temp\Cookies\annie@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B.tmp -> TrackingCookie.Tacoda : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C.tmp -> TrackingCookie.Tacoda : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq12.tmp -> TrackingCookie.Targetnet : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBA.tmp -> TrackingCookie.Targetnet : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3C.tmp -> TrackingCookie.Tradedoubler : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE4.tmp -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBB.tmp -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE5.tmp -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq49.tmp -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBC.tmp -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBD.tmp -> TrackingCookie.Valueclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE6.tmp -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3E.tmp -> TrackingCookie.Webtrendslive : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBE.tmp -> TrackingCookie.Webtrendslive : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4A.tmp -> TrackingCookie.Xxxcounter : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBF.tmp -> TrackingCookie.Xxxcounter : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Annie\Local Settings\Temp\Cookies\annie@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Jordan\Cookies\jordan@ad.yieldmanager[3].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Annie\Cookies\annie@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3F.tmp -> TrackingCookie.Zedo : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC1.tmp -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\SVCHOST.DLL -> Trojan.Agent.cl : Cleaned with backup (quarantined).
C:\WINDOWS\hgfhf.dll -> Trojan.Agent.cl : Cleaned with backup (quarantined).
C:\57546148.exe -> Trojan.Agent.rw : Cleaned with backup (quarantined).
C:\Documents and Settings\Jordan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\BlackBox.class-6423eb4-39eeb1bc.class -> Trojan.ClassLoader.c : Cleaned with backup (quarantined).
C:\Documents and Settings\Jordan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-5aaceb0e-1b7e8c71.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B55412FC-8BE6-40A6-9CEE-BEFFE9DD62A0}\RP542\A0661200.dll -> Trojan.Delf.cf : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\dbaccess.exe -> Trojan.Dialer.gp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B55412FC-8BE6-40A6-9CEE-BEFFE9DD62A0}\RP542\A0661196.exe -> Trojan.Favadd.c : Cleaned with backup (quarantined).
C:\Documents and Settings\Jordan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-7e891482-6aa2252f.class -> Trojan.Femad : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B55412FC-8BE6-40A6-9CEE-BEFFE9DD62A0}\RP467\A0590674.old -> Trojan.Ilono : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B55412FC-8BE6-40A6-9CEE-BEFFE9DD62A0}\RP485\A0606694.old -> Trojan.Ilono : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B55412FC-8BE6-40A6-9CEE-BEFFE9DD62A0}\RP542\A0661197.sys -> Trojan.Kolweb.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B55412FC-8BE6-40A6-9CEE-BEFFE9DD62A0}\RP542\A0661198.exe -> Trojan.Kolweb.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B55412FC-8BE6-40A6-9CEE-BEFFE9DD62A0}\RP542\A0661199.dll -> Trojan.Kolweb.a : Cleaned with backup (quarantined).
C:\WINDOWS\12x.sys -> Trojan.Kolweb.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B55412FC-8BE6-40A6-9CEE-BEFFE9DD62A0}\RP542\A0661201.exe -> Trojan.Kolweb.d : Cleaned with backup (quarantined).


::Report end

#14 ElvisS


Posted 24 October 2006 - 09:50 AM

Logfile of HijackThis v1.99.1
Scan saved at 3:47:59 PM, on 10/24/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\desksite\bin\cma.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\SetPoint\kem.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\YAHOO!\browser\ybrowser.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tesco.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tesco.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tesco internet access
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\YAHOO!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} - http://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/...tivePreQual.cab
O18 - Protocol: bw+0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {506B6955-1B8C-43A7-8E1E-20DDDEF82477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: req - C:\WINDOWS\System32\req.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: SvcSys - {9FEBDBEF-E957-4660-B841-744D02E297C6} - svcsys.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

#15 OldTimer

Posted 24 October 2006 - 05:05 PM

Hi ElvisS. That looks much better. Now let's do a little final cleanup.

Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
O20 - Winlogon Notify: req - C:\WINDOWS\System32\req.dll (file missing)
O21 - SSODL: SvcSys - {9FEBDBEF-E957-4660-B841-744D02E297C6} - svcsys.dll (file missing)

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

I do not see any anti-virus running on this computer. I highly recommend that one be installed and kept updated. There are some very good free ones available. Here are a couple of them:

OK. Reboot your computer normally, start HijackThis and perform a new scan. Use the Add Reply button to post your new log file back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
