
Please Help Me


5 replies to this topic

#1 benrinaldi


  • Members
  • 3 posts

Posted 17 March 2007 - 06:43 PM

Hi all, thanks for this great site.

I hope I can be helped. Quite a while ago I was prompted to download netpumper to access a version number that would enable me to unlock a zip file for a film I downloaded. It didn't work, but ever since then I continuously get popup ads every time I use Internet Explorer 7. They range from online casinos, ringtones, ebay ipods pages, adultfriendfinder, wallpapers, screensavers etc.

I thought I removed everything from add/remove programs that may have been associated with netpumper. I have used spybot, adaware, counterspy, etc. but still get the damn popups.

With spybot there was a log which could not be deleted, even directly from regedit.

HotsearchBar: User settings (Registry key, fixing failed)
HKEY_USERS\S-1-5-21-789336058-1275210071-839522115-500\Software\nsf82.dll

I don't know if this has something to do with my problem.

I have had some family members with more computer experience than I attempt to resolve without any luck.

My brother-in-law put me on to you guys and HijackThis; I hope by posting this log my problem can be fixed.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:37:03 AM, on 18/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\PMJ151LA.BIN
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Desktop\Spyware\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Real Log Browse Road] C:\Documents and Settings\All Users\Application Data\Amen Else Real Log\Proc idol.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1132438412625
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B58E97C-BB04-40A5-A955-D3820F4592C8}: NameServer = 4.2.2.2
O18 - Protocol: bw+0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsubleepa Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe

--
End of file - 19423 bytes


Thanks for looking at my problem, I hope to hear back from you soon.

Regards
Ben.
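
One way to triage a HijackThis log in the text format posted above, added here as an example and not part of the original thread or of any tool named in it. The rule names and the three heuristics (an entry whose file is missing, an autorun that starts from an Application Data folder, an autorun with no executable name) are assumptions made for illustration, and a flagged line is one to review, not a verdict; the sample lines are copied from the log in this post.

```python
import re
from typing import List, NamedTuple, Optional

# Lines copied from the HijackThis log in the post above (a small subset).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Real Log Browse Road] C:\Documents and Settings\All Users\Application Data\Amen Else Real Log\Proc idol.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""


class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. "O4"
    rule: str      # name of the heuristic that fired (hypothetical names)
    line: str      # the full log line, for the analyst to read


# "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Registry autoruns: "HKLM\..\Run: [name] command" or "HKUS\<sid>\..\Run: ..."
RUN_RE = re.compile(r"^HK[A-Z]+\\.*?\.\.\\Run\w*: \[(.+?)\] ?(.*)$")
# Startup-folder shortcuts: "Startup: x.lnk = target" / "Global Startup: ..."
STARTUP_RE = re.compile(r"^(?:Global )?Startup: (.+?) = (.*)$")
IMAGE_EXT_RE = re.compile(r"\.(?:exe|dll|bin|com|bat|cmd|scr)\b", re.I)
FILE_NAME_RE = re.compile(r"[^\\]+\.\w{2,4}$")


def image_path(command: str) -> str:
    """Return the program part of an autorun command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    # Unquoted paths with spaces are ambiguous; cut after the first
    # executable-looking extension and keep the whole string otherwise.
    m = IMAGE_EXT_RE.search(command)
    return command[:m.end()] if m else command


def autorun_target(detail: str) -> Optional[str]:
    """Extract the launched path from an O4 detail string, if it parses."""
    m = RUN_RE.match(detail) or STARTUP_RE.match(detail)
    return image_path(m.group(2)) if m else None


def triage(log_text: str) -> List[Finding]:
    """Flag log lines that deserve a closer look during review."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        section, detail = m.groups()

        # Registration still present, but the file it points to is gone.
        if detail.endswith("(no file)"):
            findings.append(Finding(section, "missing-file", line))

        if section != "O4":
            continue
        target = autorun_target(detail)
        if target is None:
            continue
        low = target.lower()
        # Autorun launched from a per-user or all-users data folder.
        if "\\application data\\" in low or "\\appdata\\" in low:
            findings.append(Finding(section, "autorun-from-appdata", line))
        # Autorun value that does not name a file at all.
        if not FILE_NAME_RE.search(target):
            findings.append(Finding(section, "autorun-no-executable", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:24} {f.line}")
```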



#2 RichieUK


    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 18 March 2007 - 08:46 AM

Welcome to the BleepingComputer HijackThis forum benrinaldi :thumbsup:

Click on Start>Control Panel>Add/Remove Programs.
Uninstall/remove any of the following programs if listed:
Netpumper
Bitroll
Bitgrabber
CiD Help / CiD Manager
Download Plugin for Internet Explorer
Zone Media

This is because they are often bundled with the malware you are dealing with.
Don't worry if none of them are present.
If you happened to remove any of them please restart your pc.

******************************

Download NoLop.exe to your desktop.

* First close any other programs you have running as this will require a reboot.
* Double click NoLop.exe to run it.
* Then click the button labelled "Search and Destroy".
* When scanning is finished you will be prompted to reboot only if infected, click 'OK'.
* Now click the "REBOOT" Button.
* A message should pop up from NoLop; if not, double click the program again and it will finish.
Post the contents of C:\NoLop.log and a new Hijack This log into your next reply.

If you receive the error that mscomctl.ocx or one of its dependencies is not correctly registered, please download this file to your 'System32' folder then rerun the program: http://www.boletrice.com/downloads/mscomctl.ocx

#3 benrinaldi

  • Topic Starter

  • Members
  • 3 posts

Posted 18 March 2007 - 04:57 PM

Hi RichieUK, Thanks for taking the time in helping me out. :thumbsup:

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Administrator\Desktop
[19/03/2007]
[8:14:24 AM]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\AB930E48915080C0.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\Administrator\Application Data\Acd Systems
C:\Documents and Settings\Administrator\Application Data\Adobe
C:\Documents and Settings\Administrator\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Administrator\Application Data\Ahead
C:\Documents and Settings\Administrator\Application Data\Apple Computer
C:\Documents and Settings\Administrator\Application Data\Arcsoft
C:\Documents and Settings\Administrator\Application Data\Cyberlink
C:\Documents and Settings\Administrator\Application Data\Google
C:\Documents and Settings\Administrator\Application Data\Help
C:\Documents and Settings\Administrator\Application Data\Identities
C:\Documents and Settings\Administrator\Application Data\Intertrust
C:\Documents and Settings\Administrator\Application Data\Intervideo
C:\Documents and Settings\Administrator\Application Data\Keyhole
C:\Documents and Settings\Administrator\Application Data\Macromedia
C:\Documents and Settings\Administrator\Application Data\Media Player Classic
C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\Administrator\Application Data\Mozilla
C:\Documents and Settings\Administrator\Application Data\Msn6
C:\Documents and Settings\Administrator\Application Data\Nero
C:\Documents and Settings\Administrator\Application Data\Palo Alto Software
C:\Documents and Settings\Administrator\Application Data\Real
C:\Documents and Settings\Administrator\Application Data\Smartdraw
C:\Documents and Settings\Administrator\Application Data\Sun
C:\Documents and Settings\Administrator\Application Data\Utorrent
C:\Documents and Settings\Administrator\Application Data\Vlc
C:\Documents and Settings\All Users\Application Data\Acd Systems
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Adobe Systems
C:\Documents and Settings\All Users\Application Data\Amen Else Real Log
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Arcsoft
C:\Documents and Settings\All Users\Application Data\Canon
C:\Documents and Settings\All Users\Application Data\Cyberlink
C:\Documents and Settings\All Users\Application Data\Dvd Shrink
C:\Documents and Settings\All Users\Application Data\Knowledge Adventure
C:\Documents and Settings\All Users\Application Data\Mcafee
C:\Documents and Settings\All Users\Application Data\Mcafee.com
C:\Documents and Settings\All Users\Application Data\Mcafee.com Personal Firewall
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Msn6
C:\Documents and Settings\All Users\Application Data\Popcap
C:\Documents and Settings\All Users\Application Data\Real -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Sunbelt Software
C:\Documents and Settings\All Users\Application Data\Ulead Systems
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\Dad\Application Data\Microsoft
C:\Documents and Settings\Dad.bensons-e3ktdwy\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Live Else Beep -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Mcafee.com Personal Firewall
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft



Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:51:02 AM, on 19/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\PMJ151LA.BIN
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Administrator\Desktop\Spyware\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Real Log Browse Road] C:\Documents and Settings\All Users\Application Data\Amen Else Real Log\Proc idol.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1132438412625
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B58E97C-BB04-40A5-A955-D3820F4592C8}: NameServer = 4.2.2.2
O18 - Protocol: bw+0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe

--
End of file - 19160 bytes



Regards Ben

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 19 March 2007 - 02:43 AM

Please make sure all hidden files are showing:

* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

*******************************

Download/install AVG Anti-Spyware 7.5.

Please follow these instructions very carefully.

Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab, and then 'Start Update'.
Note:
If you have any problems running the update process prior to running the scan, download/install the 'Full Database' from here:
http://download.ewido.net/avgas-signatures-full-current.exe

Once the updates have been installed, do the following:
Select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the 'Settings' screen, under 'How to act?', then under 'Set default action for detected malware to:', click on 'Recommended actions', then click on 'Quarantine'.
Under 'Reports' select 'Automatically generate report after every scan' and unselect 'Only if threats were found'.
Exit AVG Anti-Spyware, don't run the scan just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into SAFE MODE using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following [If still present], by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Real Log Browse Road] C:\Documents and Settings\All Users\Application Data\Amen Else Real Log\Proc idol.exe


Find and delete:
C:\Documents and Settings\All Users\Application Data\Amen Else Real Log
C:\Documents and Settings\Localservice\Application Data\Live Else Beep

Still in Safe Mode launch AVG Anti-Spyware.
Click the 'Scanner' icon at the top.
To start the scan click on 'Complete System Scan'.
Please be patient, it takes a while for the scan to finish.

Once the scan is complete, do the following.
If AVG Anti-Spyware detected any infected objects, click on 'Apply All Actions'.

Next click on 'Save Report'.
Copy and paste that report into your next reply.
The report can be found under the 'Reports' tab at the top.
Close AVG Anti-Spyware when you've done.
Reboot normally.

Post the AVG Anti Spyware report and a new Hijackthis log into your next reply.
Let me know how your pc is running now please.

#5 benrinaldi

benrinaldi
  • Topic Starter

  • Members
  • 3 posts

Posted 19 March 2007 - 10:33 AM

Hi RichieUK,

Seems to be fine, NO POPUPS so far :huh: :huh: :thumbsup: :flowers:

Thanks so much, you're a genius.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:17:54 AM 20/03/2007

+ Scan result:



HKLM\SOFTWARE\Classes\WinadX.Installer -> Adware.BlazeFind : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WinadX.Installer\CLSID -> Adware.BlazeFind : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A261F293-2C04-4BBD-AA9B-6F1BA36FDD42}\RP1047\A0281572.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
:mozilla.219:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.220:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.35:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.36:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.37:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.38:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.39:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.40:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.41:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.42:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.431:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.43:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.44:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.45:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.46:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.47:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.48:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.49:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.50:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.51:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.57:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.581:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.702:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.889:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@microsoftwlmessengermkt.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.106:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.107:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.108:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.112:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@www.adobe[1].txt -> TrackingCookie.Adobe : Cleaned.
:mozilla.546:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.547:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.548:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.549:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.551:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.835:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.836:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.292:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.293:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.294:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.295:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.296:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.213:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.599:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.600:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.589:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.904:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@casinotropez[1].txt -> TrackingCookie.Casinotropez : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@www.casinotropez[2].txt -> TrackingCookie.Casinotropez : Cleaned.
:mozilla.58:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.597:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.52:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.332:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.342:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.355:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.380:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.447:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.448:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.459:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.460:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.462:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.463:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.570:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.602:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.638:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.787:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.792:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.793:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.794:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.860:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.861:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.862:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.863:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wflikldzmgq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjmywjdpwkq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.100:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.101:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.102:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.103:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.98:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.99:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.264:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.324:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.232:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.233:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.234:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.235:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.587:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.724:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.725:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.782:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.856:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.943:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.945:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.709:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.799:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Kmpads : Cleaned.
:mozilla.800:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Kmpads : Cleaned.
:mozilla.801:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Kmpads : Cleaned.
:mozilla.906:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.907:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.345:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.346:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.347:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.865:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.866:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@www.lop[1].txt -> TrackingCookie.Lop : Cleaned.
:mozilla.710:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.178:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.179:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.104:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.105:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.697:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.520:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.802:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.803:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.804:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.805:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.361:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.362:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.363:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.681:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.393:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.394:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.395:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.397:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.398:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.399:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.542:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.250:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.251:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.252:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.253:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.254:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.255:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.461:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.320:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.321:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.322:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.323:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.158:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.159:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.164:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.165:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.166:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.167:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.169:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.170:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.171:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.172:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.309:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.310:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.312:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.490:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.182:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.511:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.512:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.586:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.465:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.485:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.90:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.91:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.92:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.93:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.94:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.95:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.96:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.97:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a8ugksvl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:29:42 AM, on 20/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\PMJ151LA.BIN
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
C:\Documents and Settings\Administrator\Desktop\Spyware\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1132438412625
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B58E97C-BB04-40A5-A955-D3820F4592C8}: NameServer = 4.2.2.2
O18 - Protocol: bw+0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsubleepa Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe

--
End of file - 19206 bytes



Best Regards
Benrinaldi

#6 RichieUK


    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 19 March 2007 - 10:44 AM

Your log is clean :thumbsup:
If all's ok, please do the following:

* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading unselect 'Show hidden files and folders'.
* Re-check the 'Hide file extensions for known types' option.
* Re-check the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

Clear your 'System Restore' points by doing the following:
Right-click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Select 'Turn Off System Restore On All Drives'.
Select 'Apply'.
You will then get the following warning:
"You have chosen to turn off System Restore.
If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
Do you want to turn off System Restore?".
Then select 'Yes', your 'System Restore' directories will be purged.

Turn 'System Restore' back on:
Right click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Unselect 'Turn Off System Restore On All Drives'.
Select 'Apply', then click 'Ok'.

Create a new 'System Restore' point:
Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description, then click on 'Create', then click 'Close'.
The date and time is created automatically.

Read through the information found here, to help you prevent any possible future infections.
Simple and easy ways to keep your computer safe and secure on the Internet:
http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Please Note:
Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6.0'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Online Installation, Multi-language' and save to your desktop.
7. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
8. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
9. Click the Change/Remove button.
10. Repeat as many times as necessary to remove each Java version.
11. Reboot your computer once all Java components are removed.
12. Then from your desktop double-click on jre-6-windows-i586-iftw.
13. Allow it access to the internet, follow any prompts, it should install the latest version automatically.
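
The O18/O22/O23 entries in the HijackThis log posted earlier in this thread share one layout (section, kind, name, owner or CLSID, file path), so they can be parsed and triaged mechanically. The Python below is an added example, not part of the original posts or of HijackThis; the function names and the two review rules are assumptions, and an entry it lists only deserves a second look.

```python
import re
from collections import defaultdict

# A subset of lines copied from the HijackThis log on this page.
SAMPLE_LOG = r"""
O18 - Protocol: bwz0 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A05BEF8A-6341-4ECD-AD59-F6C3EDA3AB2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsubleepa Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
"""

# "mid" is the CLSID for O18/O22 entries and the owner string for O23 entries.
# The path is anchored on a drive letter so owners containing " - " still parse.
ENTRY = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - (?P<mid>.*) - "
    r"(?P<path>[A-Za-z]:\\.*)$"
)

def parse(log):
    """Return one dict per recognised entry; any other line is skipped."""
    return [m.groupdict() for m in map(ENTRY.match, log.splitlines()) if m]

def triage(entries):
    """Collapse O18 handlers per (CLSID, DLL) and list O23 services to review."""
    handlers = defaultdict(list)
    review = []
    for e in entries:
        if e["section"] == "O18":
            # Many protocol names usually point at one DLL; review it once.
            handlers[(e["mid"], e["path"])].append(e["name"])
        elif e["section"] == "O23":
            reasons = []
            if e["mid"].lower() == "unknown owner":
                reasons.append("owner reported as unknown")
            if not e["path"].lower().endswith(".exe"):
                reasons.append("service binary is not .exe")
            if reasons:
                review.append((e["name"], e["path"], reasons))
    return dict(handlers), review

if __name__ == "__main__":
    grouped, to_review = triage(parse(SAMPLE_LOG))
    for (clsid, dll), names in grouped.items():
        print(f"{len(names)} protocol handlers -> {dll} {clsid}")
    for name, path, reasons in to_review:
        print(f"review: {name} ({path}): {', '.join(reasons)}")
```
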



