Tech Support Guy banner
Cancel

Solved: HELP Me please

Jump to Latest Follow
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.
1 - 17 of 17 Posts
N

· Registered
Joined
·
36 Posts
Discussion Starter · #1 ·
Hi.. I'm having a lot of trouble with my computer. I have a Yahoo made system scan and it uncovered a lot of infected files with a trojan and other viruses. The computer seems to be working ok... except for how "My documents" keeps opening after I log in. Can you help see what's going on and fix it? Please.. and Thank-you

Here is my HJT report

Logfile of HijackThis v1.99.1
Scan saved at 2:02:21 PM, on 1/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\HAOCHI~1\LOCALS~1\Temp\Rar$EX00.032\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe,regdisk16.exe -shell
O1 - Hosts: 127.30.20.126 www.symantec.com
O1 - Hosts: 127.36.217.202 securityresponse.symantec.com
O1 - Hosts: 127.150.86.208 symantec.com
O1 - Hosts: 127.18.214.18 www.mcafee.com
O1 - Hosts: 127.108.230.56 mcafee.com
O1 - Hosts: 127.244.125.91 us.mcafee.com
O1 - Hosts: 127.228.76.227 www.sophos.com
O1 - Hosts: 127.212.71.84 sophos.com
O1 - Hosts: 127.64.147.109 www.viruslist.com
O1 - Hosts: 127.168.160.12 viruslist.com
O1 - Hosts: 127.208.200.54 f-secure.com
O1 - Hosts: 127.109.184.42 www.f-secure.com
O1 - Hosts: 127.31.192.161 kaspersky.com
O1 - Hosts: 127.216.200.2 www.avp.com
O1 - Hosts: 127.18.137.110 www.kaspersky.com
O1 - Hosts: 127.143.125.156 avp.com
O1 - Hosts: 127.87.33.168 www.networkassociates.com
O1 - Hosts: 127.226.145.2 networkassociates.com
O1 - Hosts: 127.120.67.224 www.ca.com
O1 - Hosts: 127.124.187.110 ca.com
O1 - Hosts: 127.106.93.176 my-etrust.com
O1 - Hosts: 127.136.117.52 www.my-etrust.com
O1 - Hosts: 127.117.32.183 secure.nai.com
O1 - Hosts: 127.60.83.122 nai.com
O1 - Hosts: 127.190.33.143 www.nai.com
O1 - Hosts: 127.201.218.27 trendmicro.com
O1 - Hosts: 127.233.123.102 www.trendmicro.com
O1 - Hosts: 127.29.19.76 housecall.trendmicro.com
O1 - Hosts: 127.130.130.77 www.pandasoftware.com
O1 - Hosts: 127.255.92.212 www.bitdefender.com
O1 - Hosts: 127.49.219.80 www.ravantivirus.com
O1 - Hosts: 127.107.27.254 www3.ca.com
O1 - Hosts: 127.227.152.244 v4.windowsupdate.microsoft.com
O1 - Hosts: 127.58.92.141 v5.windowsupdate.microsoft.com
O1 - Hosts: 127.113.46.182 v5windowsupdate.microsoft.nsatc.net
O1 - Hosts: 127.113.140.85 windowsupdate.microsoft.com
O1 - Hosts: 127.112.87.151 www.windowsupdate.com
O1 - Hosts: 127.219.200.73 windowsupdate.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mqsBar BHO - {0E677221-E309-4341-81BD-3CC3018BF5B3} - C:\Program Files\MyQuickSearch\bar\1.bin\MQSBAR.DLL (file missing)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: My &Quick Search - {0E677229-E309-4341-81BD-3CC3018BF5B3} - C:\Program Files\MyQuickSearch\bar\1.bin\MQSBAR.DLL (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [System Update Service] wmiprvsc.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [apvxdwin.exe] apvxdwin.exe
O4 - HKLM\..\Run: [CheckMonitor] regdisk16.exe -services
O4 - HKLM\..\Run: [mswnvmx32] explorer
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [imjpmig] C:\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\RunServices: [System Update Service] wmiprvsc.exe
O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe
O4 - HKLM\..\RunServices: [CheckMonitor] regdisk16.exe -services
O4 - HKCU\..\Run: [ppcload] C:\WINDOWS\System32\ppcload.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [apvxdwin.exe] apvxdwin.exe
O4 - HKCU\..\Run: [CheckMonitor] regdisk16.exe -drivers
O4 - HKCU\..\Run: [IPConfig] svcxnw32.exe
O4 - HKCU\..\Run: [Shell API32] svcnet.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [196_150_ni] C:\WINDOWS\System32\196_150_ni.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [197_150_ni_7] C:\WINDOWS\System32\197_150_ni_7.exe
O4 - HKCU\..\Run: [198_150_ni_5] "C:\Documents and Settings\Hao Chiang Yu\198_150_ni_5.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126026583859
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155273153650
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: bw+0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
 
Cheeseball81

· Retired Moderator
Joined
·
84,466 Posts
#2 ·
You're VERY infected, we have a lot to do

Download AVG Anti-Spyware from HERE and save that file to your desktop.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.

  1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
  2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
  4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  6. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
  1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
  2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
  3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  4. AVG will now begin the scanning process. Please be patient as this may take a little time.
    Once the scan is complete, do the following:
  5. If you have any infections you will be prompted. Then select "Apply all actions."
  6. Next select the "Reports" icon at the top.
  7. Select the "Save report as" button in the lower lef- hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
  8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Come back here and post a new HijackThis log along with the logs from the AVG and Panda scans.
 
N

· Registered
Joined
·
36 Posts
Discussion Starter · #3 ·
Here are the reports from AVG and Hijackthis. But for some reason when I try to go to the Panda's ActiveScan website, I could not access it as it would always say "This page cannot be displaced."

Logfile of HijackThis v1.99.1
Scan saved at 8:45:35 AM, on 1/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Hao Chiang Yu\Desktop\Internet Security\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe,regdisk16.exe -shell
O1 - Hosts: 127.30.20.126 www.symantec.com
O1 - Hosts: 127.36.217.202 securityresponse.symantec.com
O1 - Hosts: 127.150.86.208 symantec.com
O1 - Hosts: 127.18.214.18 www.mcafee.com
O1 - Hosts: 127.108.230.56 mcafee.com
O1 - Hosts: 127.244.125.91 us.mcafee.com
O1 - Hosts: 127.228.76.227 www.sophos.com
O1 - Hosts: 127.212.71.84 sophos.com
O1 - Hosts: 127.64.147.109 www.viruslist.com
O1 - Hosts: 127.168.160.12 viruslist.com
O1 - Hosts: 127.208.200.54 f-secure.com
O1 - Hosts: 127.109.184.42 www.f-secure.com
O1 - Hosts: 127.31.192.161 kaspersky.com
O1 - Hosts: 127.216.200.2 www.avp.com
O1 - Hosts: 127.18.137.110 www.kaspersky.com
O1 - Hosts: 127.143.125.156 avp.com
O1 - Hosts: 127.87.33.168 www.networkassociates.com
O1 - Hosts: 127.226.145.2 networkassociates.com
O1 - Hosts: 127.120.67.224 www.ca.com
O1 - Hosts: 127.124.187.110 ca.com
O1 - Hosts: 127.106.93.176 my-etrust.com
O1 - Hosts: 127.136.117.52 www.my-etrust.com
O1 - Hosts: 127.117.32.183 secure.nai.com
O1 - Hosts: 127.60.83.122 nai.com
O1 - Hosts: 127.190.33.143 www.nai.com
O1 - Hosts: 127.201.218.27 trendmicro.com
O1 - Hosts: 127.233.123.102 www.trendmicro.com
O1 - Hosts: 127.29.19.76 housecall.trendmicro.com
O1 - Hosts: 127.130.130.77 www.pandasoftware.com
O1 - Hosts: 127.255.92.212 www.bitdefender.com
O1 - Hosts: 127.49.219.80 www.ravantivirus.com
O1 - Hosts: 127.107.27.254 www3.ca.com
O1 - Hosts: 127.227.152.244 v4.windowsupdate.microsoft.com
O1 - Hosts: 127.58.92.141 v5.windowsupdate.microsoft.com
O1 - Hosts: 127.113.46.182 v5windowsupdate.microsoft.nsatc.net
O1 - Hosts: 127.113.140.85 windowsupdate.microsoft.com
O1 - Hosts: 127.112.87.151 www.windowsupdate.com
O1 - Hosts: 127.219.200.73 windowsupdate.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mqsBar BHO - {0E677221-E309-4341-81BD-3CC3018BF5B3} - C:\Program Files\MyQuickSearch\bar\1.bin\MQSBAR.DLL (file missing)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: My &Quick Search - {0E677229-E309-4341-81BD-3CC3018BF5B3} - C:\Program Files\MyQuickSearch\bar\1.bin\MQSBAR.DLL (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [System Update Service] wmiprvsc.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [apvxdwin.exe] apvxdwin.exe
O4 - HKLM\..\Run: [CheckMonitor] regdisk16.exe -services
O4 - HKLM\..\Run: [mswnvmx32] explorer
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [imjpmig] C:\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [System Update Service] wmiprvsc.exe
O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe
O4 - HKLM\..\RunServices: [CheckMonitor] regdisk16.exe -services
O4 - HKCU\..\Run: [ppcload] C:\WINDOWS\System32\ppcload.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [apvxdwin.exe] apvxdwin.exe
O4 - HKCU\..\Run: [CheckMonitor] regdisk16.exe -drivers
O4 - HKCU\..\Run: [IPConfig] svcxnw32.exe
O4 - HKCU\..\Run: [Shell API32] svcnet.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [196_150_ni] C:\WINDOWS\System32\196_150_ni.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [197_150_ni_7] C:\WINDOWS\System32\197_150_ni_7.exe
O4 - HKCU\..\Run: [198_150_ni_5] "C:\Documents and Settings\Hao Chiang Yu\198_150_ni_5.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126026583859
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155273153650
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: bw+0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:01:42 AM 1/3/2007

+ Scan result:

HKLM\SOFTWARE\Classes\TopSearch.TSLink -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink.1 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CLSID -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Hao Chiang Yu\xOLDJAJNGLL.exe -> Downloader.Agent.am : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\winclk4.exe -> Hijacker.Small.dy : Cleaned with backup (quarantined).
C:\Documents and Settings\Hao Chiang Yu\Cookies\[email protected][2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Hao Chiang Yu\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Hao Chiang Yu\Local Settings\Temp\Cookies\hao chiang [email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Hao Chiang Yu\Cookies\[email protected][2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Hao Chiang Yu\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Hao Chiang Yu\Local Settings\Temp\Cookies\hao chiang [email protected][2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Hao Chiang Yu\Cookies\[email protected][1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Hao Chiang Yu\Cookies\[email protected][2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Hao Chiang Yu\Local Settings\Temp\Cookies\hao chiang [email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Hao Chiang Yu\Cookies\[email protected][2].txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\Hao Chiang Yu\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Hao Chiang Yu\Local Settings\Temp\Cookies\hao chiang [email protected][2].txt -> TrackingCookie.Tribalfusion : Cleaned.

::Report end
 
N

· Registered
Joined
·
36 Posts
Discussion Starter · #4 ·
Here are the reports from AVG and Hijackthis. But for some reason when I try to go to the Panda's ActiveScan website, I could not access it as it would always say "This page cannot be displaced."

Logfile of HijackThis v1.99.1
Scan saved at 8:45:35 AM, on 1/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Hao Chiang Yu\Desktop\Internet Security\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe,regdisk16.exe -shell
O1 - Hosts: 127.30.20.126 www.symantec.com
O1 - Hosts: 127.36.217.202 securityresponse.symantec.com
O1 - Hosts: 127.150.86.208 symantec.com
O1 - Hosts: 127.18.214.18 www.mcafee.com
O1 - Hosts: 127.108.230.56 mcafee.com
O1 - Hosts: 127.244.125.91 us.mcafee.com
O1 - Hosts: 127.228.76.227 www.sophos.com
O1 - Hosts: 127.212.71.84 sophos.com
O1 - Hosts: 127.64.147.109 www.viruslist.com
O1 - Hosts: 127.168.160.12 viruslist.com
O1 - Hosts: 127.208.200.54 f-secure.com
O1 - Hosts: 127.109.184.42 www.f-secure.com
O1 - Hosts: 127.31.192.161 kaspersky.com
O1 - Hosts: 127.216.200.2 www.avp.com
O1 - Hosts: 127.18.137.110 www.kaspersky.com
O1 - Hosts: 127.143.125.156 avp.com
O1 - Hosts: 127.87.33.168 www.networkassociates.com
O1 - Hosts: 127.226.145.2 networkassociates.com
O1 - Hosts: 127.120.67.224 www.ca.com
O1 - Hosts: 127.124.187.110 ca.com
O1 - Hosts: 127.106.93.176 my-etrust.com
O1 - Hosts: 127.136.117.52 www.my-etrust.com
O1 - Hosts: 127.117.32.183 secure.nai.com
O1 - Hosts: 127.60.83.122 nai.com
O1 - Hosts: 127.190.33.143 www.nai.com
O1 - Hosts: 127.201.218.27 trendmicro.com
O1 - Hosts: 127.233.123.102 www.trendmicro.com
O1 - Hosts: 127.29.19.76 housecall.trendmicro.com
O1 - Hosts: 127.130.130.77 www.pandasoftware.com
O1 - Hosts: 127.255.92.212 www.bitdefender.com
O1 - Hosts: 127.49.219.80 www.ravantivirus.com
O1 - Hosts: 127.107.27.254 www3.ca.com
O1 - Hosts: 127.227.152.244 v4.windowsupdate.microsoft.com
O1 - Hosts: 127.58.92.141 v5.windowsupdate.microsoft.com
O1 - Hosts: 127.113.46.182 v5windowsupdate.microsoft.nsatc.net
O1 - Hosts: 127.113.140.85 windowsupdate.microsoft.com
O1 - Hosts: 127.112.87.151 www.windowsupdate.com
O1 - Hosts: 127.219.200.73 windowsupdate.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mqsBar BHO - {0E677221-E309-4341-81BD-3CC3018BF5B3} - C:\Program Files\MyQuickSearch\bar\1.bin\MQSBAR.DLL (file missing)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: My &Quick Search - {0E677229-E309-4341-81BD-3CC3018BF5B3} - C:\Program Files\MyQuickSearch\bar\1.bin\MQSBAR.DLL (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [System Update Service] wmiprvsc.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [apvxdwin.exe] apvxdwin.exe
O4 - HKLM\..\Run: [CheckMonitor] regdisk16.exe -services
O4 - HKLM\..\Run: [mswnvmx32] explorer
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [imjpmig] C:\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [System Update Service] wmiprvsc.exe
O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe
O4 - HKLM\..\RunServices: [CheckMonitor] regdisk16.exe -services
O4 - HKCU\..\Run: [ppcload] C:\WINDOWS\System32\ppcload.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [apvxdwin.exe] apvxdwin.exe
O4 - HKCU\..\Run: [CheckMonitor] regdisk16.exe -drivers
O4 - HKCU\..\Run: [IPConfig] svcxnw32.exe
O4 - HKCU\..\Run: [Shell API32] svcnet.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [196_150_ni] C:\WINDOWS\System32\196_150_ni.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [197_150_ni_7] C:\WINDOWS\System32\197_150_ni_7.exe
O4 - HKCU\..\Run: [198_150_ni_5] "C:\Documents and Settings\Hao Chiang Yu\198_150_ni_5.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126026583859
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155273153650
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: bw+0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {83863433-326F-4B6E-879E-AC9EAEB15765} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:01:42 AM 1/3/2007

+ Scan result:

HKLM\SOFTWARE\Classes\TopSearch.TSLink -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink.1 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CLSID -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Hao Chiang Yu\xOLDJAJNGLL.exe -> Downloader.Agent.am : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\winclk4.exe -> Hijacker.Small.dy : Cleaned with backup (quarantined).
C:\Documents and Settings\Hao Chiang Yu\Cookies\[email protected][2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Hao Chiang Yu\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Hao Chiang Yu\Local Settings\Temp\Cookies\hao chiang [email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Hao Chiang Yu\Cookies\[email protected][2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Hao Chiang Yu\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Hao Chiang Yu\Local Settings\Temp\Cookies\hao chiang [email protected][2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Hao Chiang Yu\Cookies\[email protected][1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Hao Chiang Yu\Cookies\[email protected][2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Hao Chiang Yu\Local Settings\Temp\Cookies\hao chiang [email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Hao Chiang Yu\Cookies\[email protected][2].txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\Hao Chiang Yu\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Hao Chiang Yu\Local Settings\Temp\Cookies\hao chiang [email protected][2].txt -> TrackingCookie.Tribalfusion : Cleaned.

::Report end
 
N

· Registered
Joined
·
36 Posts
Discussion Starter · #7 ·
Logfile of HijackThis v1.99.1
Scan saved at 7:53:25 PM, on 1/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Hao Chiang Yu\Desktop\Internet Security\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe,regdisk16.exe -shell
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mqsBar BHO - {0E677221-E309-4341-81BD-3CC3018BF5B3} - C:\Program Files\MyQuickSearch\bar\1.bin\MQSBAR.DLL (file missing)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: My &Quick Search - {0E677229-E309-4341-81BD-3CC3018BF5B3} - C:\Program Files\MyQuickSearch\bar\1.bin\MQSBAR.DLL (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [System Update Service] wmiprvsc.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [apvxdwin.exe] apvxdwin.exe
O4 - HKLM\..\Run: [CheckMonitor] regdisk16.exe -services
O4 - HKLM\..\Run: [mswnvmx32] explorer
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [imjpmig] C:\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [System Update Service] wmiprvsc.exe
O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe
O4 - HKLM\..\RunServices: [CheckMonitor] regdisk16.exe -services
O4 - HKCU\..\Run: [ppcload] C:\WINDOWS\System32\ppcload.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [apvxdwin.exe] apvxdwin.exe
O4 - HKCU\..\Run: [CheckMonitor] regdisk16.exe -drivers
O4 - HKCU\..\Run: [IPConfig] svcxnw32.exe
O4 - HKCU\..\Run: [Shell API32] svcnet.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [196_150_ni] C:\WINDOWS\System32\196_150_ni.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [197_150_ni_7] C:\WINDOWS\System32\197_150_ni_7.exe
O4 - HKCU\..\Run: [198_150_ni_5] "C:\Documents and Settings\Hao Chiang Yu\198_150_ni_5.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126026583859
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155273153650
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
 
Cheeseball81

· Retired Moderator
Joined
·
84,466 Posts
#8 ·
One more thing to run......

Download Combofix to your desktop:

* Double-click Combofix.exe and follow the prompts.
* When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not mouse click Combofix's window while it's running. That may cause it to stall.
 
N

· Registered
Joined
·
36 Posts
Discussion Starter · #9 ·
Hao Chiang Yu - 07-01-03 21:52:41.75 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Hao Chiang Yu\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-12-03 to 2007-01-03 ))))))))))))))))))))))))))))))))))

2007-01-02 23:33 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-01-02 23:33 d-------- C:\Program Files\Grisoft
2007-01-02 12:58 4,682 --a------ C:\WINDOWS\SYSTEM32\npptNT2.sys
2007-01-02 12:43 d-------- C:\Program Files\NEXON
2007-01-02 00:02 d--h----- C:\WINDOWS\msdownld.tmp
2007-01-02 00:01 d-------- C:\WINDOWS\WBEM
2007-01-02 00:01 d-------- C:\WINDOWS\SYSTEM32\en-US
2007-01-01 23:59 d--h-c--- C:\WINDOWS\ie7
2007-01-01 23:56 121,856 --------- C:\WINDOWS\SYSTEM32\xmllite.dll
2007-01-01 23:56 d--h----- C:\WINDOWS\$hf_mig$
2006-12-30 23:02 d-------- C:\Program Files\PowerISO
2006-12-30 22:36 d-------- C:\Documents and Settings\Hao Chiang Yu\Application Data\DivX
2006-12-30 19:33 d-------- C:\Program Files\WinRAR
2006-12-30 19:15 d-------- C:\Documents and Settings\Hao Chiang Yu\Application Data\Media Player Classic
2006-12-30 19:05 d-------- C:\Program Files\Windows Media Connect 2
2006-12-30 19:02 d-------- C:\WINDOWS\SYSTEM32\LogFiles
2006-12-30 19:02 d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2006-12-30 19:00 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-12-14 15:43 d-------- C:\Documents and Settings\All Users\Application Data\CA
2006-12-12 11:30 520,192 --a------ C:\WINDOWS\SYSTEM32\DivXsm.exe
2006-12-12 11:30 3,596,288 --a------ C:\WINDOWS\SYSTEM32\qt-dx331.dll
2006-12-12 11:30 200,704 --a------ C:\WINDOWS\SYSTEM32\ssldivx.dll
2006-12-12 11:30 1,044,480 --a------ C:\WINDOWS\SYSTEM32\libdivx.dll
2006-12-12 11:25 806,912 --a------ C:\WINDOWS\SYSTEM32\divx_xx0c.dll
2006-12-12 11:25 806,912 --a------ C:\WINDOWS\SYSTEM32\divx_xx07.dll
2006-12-12 11:25 790,528 --a------ C:\WINDOWS\SYSTEM32\divx_xx11.dll
2006-12-12 11:25 73,728 --a------ C:\WINDOWS\SYSTEM32\dpl100.dll
2006-12-12 11:25 635,486 --a------ C:\WINDOWS\SYSTEM32\DivX.dll
2006-12-12 11:25 593,920 --a------ C:\WINDOWS\SYSTEM32\dpuGUI11.dll
2006-12-12 11:25 57,344 --a------ C:\WINDOWS\SYSTEM32\dpv11.dll
2006-12-12 11:25 53,248 --a------ C:\WINDOWS\SYSTEM32\dpuGUI10.dll
2006-12-12 11:25 344,064 --a------ C:\WINDOWS\SYSTEM32\dpus11.dll
2006-12-12 11:25 294,912 --a------ C:\WINDOWS\SYSTEM32\dpu11.dll
2006-12-12 11:25 294,912 --a------ C:\WINDOWS\SYSTEM32\dpu10.dll
2006-12-12 11:25 196,608 --a------ C:\WINDOWS\SYSTEM32\dtu100.dll
2006-12-12 11:24 12,288 --a------ C:\WINDOWS\SYSTEM32\DivXWMPExtType.dll
2006-12-12 11:24 118,784 --a------ C:\WINDOWS\SYSTEM32\DivXCodecUpdateChecker.exe

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-01-03 19:49 -------- d--h----- C:\Program Files\InstallShield Installation Information
2007-01-03 19:49 -------- d-------- C:\Program Files\Logitech
2007-01-02 11:54 -------- d-------- C:\Program Files\MUSICMATCH
2007-01-02 11:52 -------- d-------- C:\Program Files\Jasc Software Inc
2007-01-02 00:05 -------- d-------- C:\Program Files\Internet Explorer
2006-12-31 16:42 -------- d-------- C:\Documents and Settings\Hao Chiang Yu\Application Data\Apple Computer
2006-12-31 10:55 -------- d-------- C:\Documents and Settings\Hao Chiang Yu\Application Data\Arcsoft
2006-12-31 10:49 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-12-31 10:47 -------- d-------- C:\Program Files\Microsoft Works
2006-12-31 10:45 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-12-30 23:22 -------- d-------- C:\Program Files\Common Files
2006-12-30 19:28 -------- d-------- C:\Program Files\DivX
2006-12-30 19:06 -------- d-------- C:\Program Files\Windows Media Player
2006-12-27 00:15 98304 --a------ C:\WINDOWS\SYSTEM32\CmdLineExt.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\SYSTEM32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\SYSTEM32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\SYSTEM32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\SYSTEM32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\SYSTEM32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\SYSTEM32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\SYSTEM32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\SYSTEM32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\SYSTEM32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\SYSTEM32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\SYSTEM32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\SYSTEM32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\SYSTEM32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\SYSTEM32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\SYSTEM32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\SYSTEM32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\SYSTEM32\ieakui.dll
2006-11-06 03:28 30988 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\scdemu.sys
2006-10-18 21:58 8704 --a------ C:\WINDOWS\SYSTEM32\wdfmgr.exe
2006-10-18 21:58 8704 --a------ C:\WINDOWS\SYSTEM32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\SYSTEM32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\SYSTEM32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\SYSTEM32\WMNetMgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\SYSTEM32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\SYSTEM32\WMVSENCD.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\SYSTEM32\wmadmod.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\SYSTEM32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\SYSTEM32\WMVXENCD.dll
2006-10-18 21:47 63488 --a------ C:\WINDOWS\SYSTEM32\wpdmtpus.dll
2006-10-18 21:47 629760 --a------ C:\WINDOWS\SYSTEM32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\SYSTEM32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\SYSTEM32\WMSPDMOD.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\SYSTEM32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\SYSTEM32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a------ C:\WINDOWS\SYSTEM32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\SYSTEM32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\WMVADVE.DLL
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\WMVADVD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\wdfapi.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\MPG4DMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\MP4SDMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\SYSTEM32\MP43DMOD.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\SYSTEM32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\SYSTEM32\wmdmps.dll
2006-10-18 21:47 35840 --a------ C:\WINDOWS\SYSTEM32\wpdconns.dll
2006-10-18 21:47 356352 --a------ C:\WINDOWS\SYSTEM32\wpdsp.dll
2006-10-18 21:47 348672 --a------ C:\WINDOWS\SYSTEM32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\SYSTEM32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\SYSTEM32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\SYSTEM32\MP4SDECD.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\SYSTEM32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\SYSTEM32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\SYSTEM32\PortableDeviceApi.dll
2006-10-18 21:47 276992 --a------ C:\WINDOWS\SYSTEM32\audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\SYSTEM32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\SYSTEM32\WpdShext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\SYSTEM32\MPG4DECD.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\SYSTEM32\MP43DECD.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\SYSTEM32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\SYSTEM32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\SYSTEM32\cewmdm.dll
2006-10-18 21:47 227328 --a------ C:\WINDOWS\SYSTEM32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\SYSTEM32\wmasf.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\SYSTEM32\MFPLAT.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\SYSTEM32\qasf.dll
2006-10-18 21:47 204288 --a------ C:\WINDOWS\SYSTEM32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\SYSTEM32\PortableDeviceWMDRM.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\SYSTEM32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\SYSTEM32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\SYSTEM32\PortableDeviceTypes.dll
2006-10-18 21:47 1661440 --a------ C:\WINDOWS\SYSTEM32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\SYSTEM32\WMVENCOD.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\SYSTEM32\wmidx.dll
2006-10-18 21:47 154624 --a------ C:\WINDOWS\SYSTEM32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\SYSTEM32\WMVDECOD.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\SYSTEM32\WMVSDECD.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\SYSTEM32\WMSPDMOE.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\SYSTEM32\PortableDeviceWiaCompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\SYSTEM32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\SYSTEM32\LAPRXY.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\SYSTEM32\WMADMOE.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\SYSTEM32\PortableDeviceClassExtension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\SYSTEM32\logagent.exe
2006-10-18 20:00 249856 --------- C:\WINDOWS\SYSTEM32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\SYSTEM32\wpdshextautoplay.exe
2006-10-17 12:06 78336 --a------ C:\WINDOWS\SYSTEM32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\SYSTEM32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\SYSTEM32\WinFXDocObj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\SYSTEM32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\SYSTEM32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\SYSTEM32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\SYSTEM32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\SYSTEM32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\SYSTEM32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\SYSTEM32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\SYSTEM32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\SYSTEM32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\SYSTEM32\ieapfltr.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Sonic RecordNow!"=""
"ppcload"="C:\\WINDOWS\\System32\\ppcload.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"apvxdwin.exe"="apvxdwin.exe"
"CheckMonitor"="regdisk16.exe -drivers"
"IPConfig"="svcxnw32.exe"
"Shell API32"="svcnet.exe"
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"196_150_ni"="C:\\WINDOWS\\System32\\196_150_ni.exe"
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"197_150_ni_7"="C:\\WINDOWS\\System32\\197_150_ni_7.exe"
"198_150_ni_5"="\"C:\\Documents and Settings\\Hao Chiang Yu\\198_150_ni_5.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"BCMSMMSG"="BCMSMMSG.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
"PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"diagent"="\"C:\\Program Files\\Creative\\SBLive\\Diagnostics\\diagent.exe\" startup"
"YBrowser"="C:\\PROGRA~1\\Yahoo!\\browser\\ybrwicon.exe"
"BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"Motive SmartBridge"="C:\\PROGRA~1\\SBCSEL~1\\SMARTB~1\\MotiveSB.exe"
"System Update Service"="wmiprvsc.exe"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"apvxdwin.exe"="apvxdwin.exe"
"CheckMonitor"="regdisk16.exe -services"
"mswnvmx32"="explorer"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"imjpmig"="C:\\IME\\IMJP\\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"CaAvTray"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\""
"CAVRID"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\""
"YOP"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"
"IPInSightLAN 02"="\"C:\\Program Files\\Visual Networks\\Visual IP InSight\\SBC\\IPClient.exe\" -l"
"IPInSightMonitor 02"="\"C:\\Program Files\\Visual Networks\\Visual IP InSight\\SBC\\IPMon32.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"System Update Service"="wmiprvsc.exe"
"scvhost.exe"="scvhost.exe"
"CheckMonitor"="regdisk16.exe -services"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"DisallowRun"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\DisallowRun]
"0"="blackd.exe"
"1"="blackice.exe"
"2"="lockdown.exe"
"3"="lockdown2000.exe"
"4"="netmon.exe"
"5"="processmonitor.exe"
"6"="taskkill.exe"
"7"="tskill.exe"
"8"="smc.exe"
"9"="sniffem.exe"
"10"="zapro.exe"
"11"="zlclient.exe"
"12"="zonealarm.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=""
"NoDriveTypeAutoRun"=hex:5f,00,00,00
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\WebReg 20040827210708.job

Completion time: 07-01-03 21:54:59.09
C:\ComboFix.txt ... 07-01-03 21:54
 
Cheeseball81

· Retired Moderator
Joined
·
84,466 Posts
#10 ·
1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\system32\wmiprvsc.exe
C:\WINDOWS\System32\apvxdwin.exe
C:\WINDOWS\System32\regdisk16.exe
C:\WINDOWS\System32\scvhost.exe
C:\WINDOWS\System32\ppcload.exe
C:\WINDOWS\System32\svcxnw32.exe
C:\WINDOWS\System32\svcnet.exe
C:\WINDOWS\System32\196_150_ni.exe
C:\WINDOWS\System32\197_150_ni_7.exe
C:\Documents and Settings\Hao Chiang Yu\198_150_ni_5.exe
Click to expand...

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

Rescan with Hijack This, close all browser windows except Hijack This, put a checkmark beside these entries and click fix checked.

F2 - REG:system.ini: Shell=Explorer.exe,regdisk16.exe -shell

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O2 - BHO: mqsBar BHO - {0E677221-E309-4341-81BD-3CC3018BF5B3} - C:\Program Files\MyQuickSearch\bar\1.bin\MQSBAR.DLL (file missing)

O3 - Toolbar: My &Quick Search - {0E677229-E309-4341-81BD-3CC3018BF5B3} - C:\Program Files\MyQuickSearch\bar\1.bin\MQSBAR.DLL (file missing)

O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O4 - HKLM\..\Run: [System Update Service] wmiprvsc.exe

O4 - HKLM\..\Run: [apvxdwin.exe] apvxdwin.exe

O4 - HKLM\..\Run: [CheckMonitor] regdisk16.exe -services

O4 - HKLM\..\Run: [mswnvmx32] explorer

O4 - HKLM\..\RunServices: [System Update Service] wmiprvsc.exe

O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe

O4 - HKLM\..\RunServices: [CheckMonitor] regdisk16.exe -services

O4 - HKCU\..\Run: [ppcload] C:\WINDOWS\System32\ppcload.exe

O4 - HKCU\..\Run: [apvxdwin.exe] apvxdwin.exe

O4 - HKCU\..\Run: [CheckMonitor] regdisk16.exe -drivers

O4 - HKCU\..\Run: [IPConfig] svcxnw32.exe

O4 - HKCU\..\Run: [Shell API32] svcnet.exe

O4 - HKCU\..\Run: [196_150_ni] C:\WINDOWS\System32\196_150_ni.exe

O4 - HKCU\..\Run: [197_150_ni_7] C:\WINDOWS\System32\197_150_ni_7.exe

O4 - HKCU\..\Run: [198_150_ni_5] "C:\Documents and Settings\Hao Chiang Yu\198_150_ni_5.exe"

Reboot and post another Hijack This log please.
 
N

· Registered
Joined
·
36 Posts
Discussion Starter · #11 ·
Logfile of HijackThis v1.99.1
Scan saved at 12:34:33 AM, on 1/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Hao Chiang Yu\Desktop\Internet Security\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [imjpmig] C:\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126026583859
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155273153650
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vkwglbuc

*******************

Script file located at: \??\C:\Program Files\udxhtjya.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\wmiprvsc.exe not found!
Deletion of file C:\WINDOWS\system32\wmiprvsc.exe failed!

Could not process line:
C:\WINDOWS\system32\wmiprvsc.exe
Status: 0xc0000034

File C:\WINDOWS\System32\apvxdwin.exe not found!
Deletion of file C:\WINDOWS\System32\apvxdwin.exe failed!

Could not process line:
C:\WINDOWS\System32\apvxdwin.exe
Status: 0xc0000034

File C:\WINDOWS\System32\regdisk16.exe not found!
Deletion of file C:\WINDOWS\System32\regdisk16.exe failed!

Could not process line:
C:\WINDOWS\System32\regdisk16.exe
Status: 0xc0000034

File C:\WINDOWS\System32\scvhost.exe not found!
Deletion of file C:\WINDOWS\System32\scvhost.exe failed!

Could not process line:
C:\WINDOWS\System32\scvhost.exe
Status: 0xc0000034

File C:\WINDOWS\System32\ppcload.exe not found!
Deletion of file C:\WINDOWS\System32\ppcload.exe failed!

Could not process line:
C:\WINDOWS\System32\ppcload.exe
Status: 0xc0000034

File C:\WINDOWS\System32\svcxnw32.exe not found!
Deletion of file C:\WINDOWS\System32\svcxnw32.exe failed!

Could not process line:
C:\WINDOWS\System32\svcxnw32.exe
Status: 0xc0000034

File C:\WINDOWS\System32\svcnet.exe not found!
Deletion of file C:\WINDOWS\System32\svcnet.exe failed!

Could not process line:
C:\WINDOWS\System32\svcnet.exe
Status: 0xc0000034

File C:\WINDOWS\System32\196_150_ni.exe not found!
Deletion of file C:\WINDOWS\System32\196_150_ni.exe failed!

Could not process line:
C:\WINDOWS\System32\196_150_ni.exe
Status: 0xc0000034

File C:\WINDOWS\System32\197_150_ni_7.exe not found!
Deletion of file C:\WINDOWS\System32\197_150_ni_7.exe failed!

Could not process line:
C:\WINDOWS\System32\197_150_ni_7.exe
Status: 0xc0000034

File C:\Documents and Settings\Hao Chiang Yu\198_150_ni_5.exe not found!
Deletion of file C:\Documents and Settings\Hao Chiang Yu\198_150_ni_5.exe failed!

Could not process line:
C:\Documents and Settings\Hao Chiang Yu\198_150_ni_5.exe
Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminate.
 
Cheeseball81

· Retired Moderator
Joined
·
84,466 Posts
#16 ·
NOTcomputers said:
I have a quick problem. My computer can't seem to load up my CD-ROM and DVD drivers. I dont know if this is in your department but can you help?
Click to expand...
That's definitely more of a hardware dept. issue.
I'd create a new thread about it.
 
1 - 17 of 17 Posts
Status
Not open for further replies.
About this Discussion
16 Replies
2 Participants
Last post:
NOTcomputers
Tech Support Guy
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Hardware Virus & Other Malware Removal Windows XP Off Topic Lounge Thread Games & Discussion
Top