Virusburst That Cannot Be Removed...


  • This topic is locked
8 replies to this topic

#1 freedom_yeah_right

freedom_yeah_right

  • Members
  • 4 posts

Posted 29 October 2006 - 10:06 AM

Logfile of HijackThis v1.99.1
Scan saved at 4:55:38 μμ, on 29/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
I:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
I:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
I:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
I:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\rundll32.exe
I:\Program Files\ChrisTV\ChrisTV_Agent.exe
C:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Logitech\Profiler\lwemon.exe
I:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
I:\Program Files\Internet Download Manager\IDMan.exe
i:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
i:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
I:\Program Files\Logitech\SetPoint\SetPoint.exe
I:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
i:\Program Files\TechniSat DVB\bin\Server4PC.exe
i:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
i:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\Program Files\Pinnacle\Pinnacle PCTV\Vision\Vision.exe
i:\PROGRA~1\Pinnacle\SHARED~1\Filter\server.exe
i:\PROGRA~1\Pinnacle\SHARED~1\Filter\VBI_SE~1.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Ego\LOCALS~1\Temp\Rar$EX00.109\HijackThis.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - I:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.5\BitComet_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.5\BitComet_Toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "i:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [avast!] i:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [DAEMON Tools] "i:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InstantAccess] i:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] i:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [Launcher.exe] C:\Program Files\ABF software\ABF Magnifying Tools\Launcher.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "I:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ChrisTV Agent] "I:\Program Files\ChrisTV\ChrisTV_Agent.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] i:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "i:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [VoipBuster] "i:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Start WingMan Profiler] "i:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [LDM] i:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [IDMan] I:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = I:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = I:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = I:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Server4PC.lnk = I:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All Links with IDM - I:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - I:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://maps.flash.gr/inc/activex/mgaxctrl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{96624971-0140-4D87-8103-CF3235E2B781}: NameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD92453D-17CC-4D93-BED8-59420FF70C6D}: NameServer = 10.0.0.138
O18 - Protocol: bw+0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - C:\WINDOWS\system32\rrtcany.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - i:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - i:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - i:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - i:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


#2 stonangel

stonangel

  • Members
  • 595 posts
  • Location:France

Posted 29 October 2006 - 11:17 AM

Welcome to Bleeping Computer, freedom_yeah_right.

* You need to extract (unzip) HijackThis first. Otherwise the backups made when items are fixed won't be secure. The easiest way to accomplish this is to reinstall and delete any copies of HijackThis.zip you have saved.

Please download the self-extracting version of HijackThis from here:

HijackThis_sfx download

Save HijackThis_sfx to your desktop.

Double-click the file then click the Unzip button. Then close the Self-Extractor window.

Using My Computer/Windows Explorer, navigate to C:\Program Files\HijackThis and double click on HijackThis.exe to run it. If you would like to make a shortcut for your Desktop so it's more easily accessible, right click HijackThis.exe and choose Send To > Desktop (create shortcut).

Please run the extracted HijackThis.exe from now on. Delete any copies of HijackThis.zip that you have saved.

* Please download SmitfraudFix
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Edited by stonangel, 29 October 2006 - 11:17 AM.

Olivier

#3 freedom_yeah_right

freedom_yeah_right
  • Topic Starter

  • Members
  • 4 posts

Posted 30 October 2006 - 03:17 PM

Thanx for the help!

________________________________________________________________________________________
SmitFraudFix v2.117

Scan done at 22:12:24,26, œ 30/10/2006
Run from D:\Installation Files\Antivirus\VirusBurst remover\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32

C:\WINDOWS\system32\rrtcany.dll FOUND !

C:\Documents and Settings\Ego


C:\Documents and Settings\Ego\Application Data


Start Menu


C:\DOCUME~1\Ego\FAVORI~1


Desktop


C:\Program Files

C:\Program Files\VideoKeyCodec\ FOUND !

Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{27321538-5739-4aa1-b84c-7d18e4383f1f}"="ferrateen"

[HKEY_CLASSES_ROOT\CLSID\{27321538-5739-4aa1-b84c-7d18e4383f1f}\InProcServer32]
@="C:\WINDOWS\system32\rrtcany.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{27321538-5739-4aa1-b84c-7d18e4383f1f}\InProcServer32]
@="C:\WINDOWS\system32\rrtcany.dll"



AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


pe386-msguard-lzx32


Scanning wininet.dll infection


End


_____________________________________________________________________________________


Logfile of HijackThis v1.99.1
Scan saved at 10:11:40 μμ, on 30/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
I:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
I:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
I:\Program Files\ChrisTV\ChrisTV_Agent.exe
C:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Logitech\Profiler\lwemon.exe
I:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
I:\Program Files\Internet Download Manager\IDMan.exe
I:\Program Files\Logitech\SetPoint\SetPoint.exe
I:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
i:\Program Files\TechniSat DVB\bin\Server4PC.exe
i:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
i:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
i:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
i:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
i:\Program Files\RealVNC\VNC4\WinVNC4.exe
I:\Program Files\Mozilla Firefox\firefox.exe
i:\PROGRA~1\Pinnacle\SHARED~1\Filter\server.exe
C:\Program Files\WinRAR\WinRAR.exe
I:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
D:\Installation Files\Antivirus\VirusBurst remover\HijackThis.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - I:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.5\BitComet_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.5\BitComet_Toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "i:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [avast!] i:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [DAEMON Tools] "i:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Launcher.exe] C:\Program Files\ABF software\ABF Magnifying Tools\Launcher.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ChrisTV Agent] "I:\Program Files\ChrisTV\ChrisTV_Agent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "i:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [VoipBuster] "i:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Start WingMan Profiler] "i:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [LDM] i:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [IDMan] I:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = I:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = I:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Server4PC.lnk = I:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All Links with IDM - I:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - I:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://maps.flash.gr/inc/activex/mgaxctrl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{96624971-0140-4D87-8103-CF3235E2B781}: NameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD92453D-17CC-4D93-BED8-59420FF70C6D}: NameServer = 10.0.0.138
O18 - Protocol: bw+0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - C:\WINDOWS\system32\rrtcany.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - i:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - i:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - i:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - i:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - i:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
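A triage pass over a HijackThis log like the one above, as an added example that is not part of the original thread or of HijackThis itself: it parses each entry, collapses the repeated O18 protocol handlers into distinct targets, and lists entries worth a manual look. The function names and review rules are assumptions made for this illustration; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied verbatim from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O18 - Protocol: bw+0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - C:\WINDOWS\system32\rrtcany.dll
O23 - Service: avast! Antivirus - Unknown owner - i:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - i:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
"""

# "<section code> - <body>", e.g. "O21 - SSODL: name - {CLSID} - path"
ENTRY_RE = re.compile(r"^(?P<code>[ORFN]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# First drive-letter path ending in .exe or .dll; stops before a stray quote.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)\b', re.IGNORECASE)

# Sections whose DLLs are loaded automatically at logon or shell start.
# Listing an entry here means "review it", not "it is infected".
AUTOLOAD_CODES = {
    "O20": "DLL loaded by Winlogon (Notify)",
    "O21": "DLL loaded by Explorer (ShellServiceObjectDelayLoad)",
}


def parse_entry(line):
    """Split one log line into code, CLSID, file path and a missing-file flag."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None  # header lines, process list, blank lines
    body = m.group("body")
    clsid = CLSID_RE.search(body)
    path = PATH_RE.search(body)
    return {
        "code": m.group("code"),
        "clsid": clsid.group(0).upper() if clsid else None,
        "path": path.group(0) if path else None,
        "file_missing": body.endswith("(file missing)"),
        "raw": line,
    }


def triage(log_text):
    """Return (code, reason, path) tuples for entries that deserve a manual look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        if entry["file_missing"]:
            findings.append((entry["code"], "target reported missing", entry["path"]))
        elif entry["code"] == "O4" and entry["raw"].endswith("= ?"):
            findings.append((entry["code"], "startup shortcut target unresolved", None))
        elif entry["code"] in AUTOLOAD_CODES:
            findings.append((entry["code"], AUTOLOAD_CODES[entry["code"]], entry["path"]))
    return findings


def group_by_target(log_text, code):
    """Count entries of one section per (CLSID, path), collapsing repeats."""
    groups = defaultdict(int)
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry and entry["code"] == code:
            groups[(entry["clsid"], entry["path"])] += 1
    return dict(groups)


if __name__ == "__main__":
    for code, reason, path in triage(SAMPLE_LOG):
        print(f"{code:4} {reason}: {path}")
    for (clsid, path), count in group_by_target(SAMPLE_LOG, "O18").items():
        print(f"O18  {count} protocol name(s) -> {clsid} {path}")
```
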

#4 stonangel


Posted 30 October 2006 - 03:37 PM

Hi freedom_yeah_right,

* You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

* First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

* Please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

* Still in Safe mode,

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the C:\rapport.txt, the AVG Anti-Spyware report scan and a new hijackthis log, please.

Edited by stonangel, 30 October 2006 - 03:38 PM.


Olivier

#5 freedom_yeah_right


Posted 04 November 2006 - 05:47 AM

It seems we've made it! No more of that annoying message "Critical System Error". For verification I attach the log files. Thanx a lot!


Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{27321538-5739-4aa1-b84c-7d18e4383f1f}"="ferrateen"

[HKEY_CLASSES_ROOT\CLSID\{27321538-5739-4aa1-b84c-7d18e4383f1f}\InProcServer32]
@="C:\WINDOWS\system32\rrtcany.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{27321538-5739-4aa1-b84c-7d18e4383f1f}\InProcServer32]
@="C:\WINDOWS\system32\rrtcany.dll"


Killing process


Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files

C:\WINDOWS\system32\rrtcany.dll Deleted
C:\Program Files\VideoKeyCodec\ Deleted

Deleting Temp Files


Registry Cleaning

Registry Cleaning done.

After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:36:13 μμ 4/11/2006

+ Scan result:



I:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Cleaned.
D:\Installation Files\Caller ID Software\crack-moony306.zip/start.exe -> Downloader.IstBar : Cleaned.
D:\Installation Files\GPL\gplnocd_gb.zip/gpl10_orig.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned.
D:\Installation Files\GPL\gplnocd_gb.zip/gpl11_ITA.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned.
D:\Installation Files\GPL\gplnocd_gb.zip/gpl12_ITA.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned.
D:\Installation Files\GPL\gplnocd_gb.zip/gpl12_uk.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned.
D:\Installation Files\Guitar FX Box 2.6\GuitarFX Box 2.6 95 Working crack by MaNDRaKe.zip/GFXG-Crack.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned.
I:\Program Files\Guitar FX BOX 2.6\GFXG-Crack.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned.
:mozilla.738:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.324:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.325:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.326:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.327:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.328:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.329:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.330:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.331:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.332:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.333:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.334:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.335:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.336:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.337:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.338:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.339:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.340:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.341:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.342:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.343:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.344:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.345:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.346:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.347:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.348:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.349:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.350:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.459:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.553:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.564:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.650:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.684:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.692:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.878:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Ego\Cookies\ego@eurisko.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Ego\Cookies\ego@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Ego\Cookies\ego@pinnaclesystems.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.450:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Ego\Cookies\ego@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.846:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.497:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.498:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.103:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.742:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.858:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.859:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.230:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.231:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.526:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.522:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.813:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Ego\Cookies\ego@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.173:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.174:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.175:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.877:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.879:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.126:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.718:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.118:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.119:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.232:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.306:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.219:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.220:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.420:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.481:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.530:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.237:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.238:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.239:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.241:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.189:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.546:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned.
:mozilla.605:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.606:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.607:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.653:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.655:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.671:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.672:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.673:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.102:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.195:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.196:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.197:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.198:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.199:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.200:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.201:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.202:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.203:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.204:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.800:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.801:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.802:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.803:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.660:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.661:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.848:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.470:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.471:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.472:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.473:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.475:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.418:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.190:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.139:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.144:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.145:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.146:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.147:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.148:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.149:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.150:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.151:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.152:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.153:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.154:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.155:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.156:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.157:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.158:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.159:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.160:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.161:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.162:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.163:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.164:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.165:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.166:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.167:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.709:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.710:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.183:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.184:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.180:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.181:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.182:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.424:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.689:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.128:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.130:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.465:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.466:C:\Documents and Settings\Ego\Application Data\Mozilla\Firefox\Profiles\w5gkdle2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

#6 stonangel

Posted 04 November 2006 - 06:55 AM

Hi freedom_yeah_right,

* Could you post back a new hijackthis log, please?

Olivier

#7 freedom_yeah_right

Posted 04 November 2006 - 05:20 PM

Sure, here it is:

Logfile of HijackThis v1.99.1
Scan saved at 12:17:41 πμ, on 5/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
I:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
I:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
I:\Program Files\ChrisTV\ChrisTV_Agent.exe
I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Logitech\Profiler\lwemon.exe
I:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
I:\Program Files\Internet Download Manager\IDMan.exe
I:\Program Files\Logitech\SetPoint\SetPoint.exe
I:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
I:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
i:\Program Files\TechniSat DVB\bin\Server4PC.exe
i:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
i:\Program Files\Alwil Software\Avast4\ashServ.exe
i:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
i:\Program Files\RealVNC\VNC4\WinVNC4.exe
i:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
i:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
I:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\NOTEPAD.EXE
I:\Program Files\Pinnacle\Pinnacle PCTV\Vision\Vision.exe
i:\PROGRA~1\Pinnacle\SHARED~1\Filter\server.exe
i:\PROGRA~1\Pinnacle\SHARED~1\Filter\VBI_SE~1.EXE
i:\Program Files\DynDNS Updater\DynDNS.exe
D:\Installation Files\HiJackThis\HijackThis.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - I:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.5\BitComet_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.5\BitComet_Toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "i:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [avast!] i:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [DAEMON Tools] "i:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Launcher.exe] C:\Program Files\ABF software\ABF Magnifying Tools\Launcher.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ChrisTV Agent] "I:\Program Files\ChrisTV\ChrisTV_Agent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "i:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "i:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [VoipBuster] "i:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Start WingMan Profiler] "i:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [LDM] i:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [IDMan] I:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = I:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = I:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Monitor Apache Servers.lnk = I:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: Server4PC.lnk = I:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://I:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All Links with IDM - I:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - I:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://maps.flash.gr/inc/activex/mgaxctrl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{96624971-0140-4D87-8103-CF3235E2B781}: NameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD92453D-17CC-4D93-BED8-59420FF70C6D}: NameServer = 10.0.0.138
O18 - Protocol: bw+0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {CCF43EA7-91CB-4927-BA1D-4D0D24B2A8BA} - i:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Unknown owner - I:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - i:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - i:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - i:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - i:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - i:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - i:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)



Cheers!

#8 stonangel

Posted 05 November 2006 - 06:03 AM

Hi freedom_yeah_right,

Seems to be fine. Just a minor thing to do.

* Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of the Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-1_5_0_09-windowsi586-p.exe to install the newest version.
* Post back a new hijackthis log and tell us how the computer is running now, please.

Olivier
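
The check behind the reply above (spotting an old JRE from the paths in a HijackThis log), as an added example that is not part of the original thread. The baseline 1.5.0_09 comes from the reply; the function names, the assumption that JRE folders are named like `jre1.5.0_06`, and the sample (a few lines copied from the log in this thread) are choices made for the example.

```python
import re
from collections import defaultdict

# Baseline taken from the reply above: JRE 5.0 Update 9, i.e. 1.5.0_09.
BASELINE = (1, 5, 0, 9)

# HijackThis entry lines start with a section code such as "O2 - " or "O23 - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Assumption: JRE install folders are named like "jre1.5.0_06", as in this log.
JRE_RE = re.compile(r"\\jre(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\\", re.IGNORECASE)

# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
"""


def classify(line):
    """Return (section, text) for one log line.

    section is the HijackThis code ("O2", "O4", ...), "process" for a bare
    path from the "Running processes" block, or None for headers and blanks.
    """
    line = line.strip()
    match = ENTRY_RE.match(line)
    if match:
        return match.group(1), match.group(2)
    if re.match(r"^[A-Za-z]:\\", line):
        return "process", line
    return None, line


def jre_versions(text):
    """Extract every JRE version embedded in a path as a comparable tuple."""
    found = []
    for match in JRE_RE.finditer(text):
        major, minor, patch, update = match.groups()
        found.append((int(major), int(minor), int(patch), int(update or 0)))
    return found


def format_version(version):
    """Render (1, 5, 0, 6) the way the folder name spells it: 1.5.0_06."""
    return "%d.%d.%d_%02d" % version


def outdated_java(log_text, baseline=BASELINE):
    """Map each JRE version older than the baseline to the log sections using it."""
    hits = defaultdict(set)
    for raw in log_text.splitlines():
        section, text = classify(raw)
        if section is None:
            continue
        for version in jre_versions(text):
            if version < baseline:  # tuple comparison: older release or older update
                hits[version].add(section)
    return {version: sorted(sections) for version, sections in hits.items()}


if __name__ == "__main__":
    for version, sections in outdated_java(SAMPLE_LOG).items():
        print("JRE %s is older than %s, referenced in: %s"
              % (format_version(version), format_version(BASELINE), ", ".join(sections)))
```

Running the same function on the log requested after the update shows whether any startup entry, browser helper object or running process still points at an older JRE folder.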

#9 stonangel

Posted 12 November 2006 - 06:46 AM

Due to the lack of feedback, this topic is closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.

Olivier



