
spyfalcon :(





r0an



Joined: 13 May 2006
Posts: 4

Post subject: spyfalcon :(

plz help, it's driving me bonkers

Logfile of HijackThis v1.99.1
Scan saved at 01:41:39, on 13/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\PromptCast\PromptCast.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech mouse\SetPoint\SetPoint.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\regedit.exe
C:\Documents and Settings\3XS\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.scan.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.scan.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Provided by 3XS
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpE82.tmp
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VideoraiPodConverter] C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe -t
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Registry Toolkit] C:\Program Files\Registry Toolkit\RegToolkit.exe /scan
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [PromptCast] C:\Program Files\PromptCast\PromptCast.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DesktopEarth AutoStart.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech mouse\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095156922093
O16 - DPF: {77DD44BF-551D-4E3C-82CD-D637D5018D3C} - http://www.surveys.com/promptcast/Installs/SURVEYS.COM%20PROMPTCAST%20SETUP.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A61A0AF3-F29D-4C99-82D4-9C74A65705FA}: NameServer = 62.241.162.200 62.241.163.201
O18 - Protocol: bw+0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: M-Audio USB Installer (MAudioUSBService) - Unknown owner - C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Sat May 13, 2006 12:45 am
 
HJT Analyzer



Joined: 15 Mar 2006
Posts: 647

Post subject: My HijackThis log

Hello, visitor!

The HijackThis log analyzer has analyzed your log. Please take a closer look at the results.

Your system seems to be infected with malicious parasites. Please follow the steps below in order to eliminate the infection and clean up your computer.

1. Download the Pocket KillBox utility. You will need it later to delete parasite-related files and folders.
2. The following entries are not malicious, but some of them are not used anymore. You may use HijackThis to fix a few of them. However, please keep in mind that some of the entries marked as Questionable or Not Needed are fully legitimate and might be required by installed software to work properly, while some others might be related to certain parasites. It is up to you to decide whether you need any of them, or not.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.scan.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.scan.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Provided by 3XS
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: DesktopEarth AutoStart.lnk = ?
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095156922093
O16 - DPF: {77DD44BF-551D-4E3C-82CD-D637D5018D3C} - http://www.surveys.com/promptcast/Installs/SURVEYS.COM%20PROMPTCAST%20SETUP.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A61A0AF3-F29D-4C99-82D4-9C74A65705FA}: NameServer = 62.241.162.200 62.241.163.201
O18 - Protocol: bw+0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: M-Audio USB Installer (MAudioUSBService) - Unknown owner - C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe (file missing)

3. Now restart your system in Safe Mode. This step is very important!
4. Use the Pocket KillBox utility to delete the following files:

C:\WINDOWS\system32\dcomcfg.exe

The following files and Windows registry entries are marked as "unknown". Currently, the HijackThis Log Analyzer cannot provide the required information on these items. The files and entries in the list below may be either malicious or fully legitimate. Because of this, please do not take any action! Wait for the forum responders or other forum users to provide you with the necessary details and further instructions.

C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\PromptCast\PromptCast.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech mouse\SetPoint\SetPoint.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpE82.tmp
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [VideoraiPodConverter] C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe -t
O4 - HKLM\..\Run: [Registry Toolkit] C:\Program Files\Registry Toolkit\RegToolkit.exe /scan
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [PromptCast] C:\Program Files\PromptCast\PromptCast.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech mouse\SetPoint\SetPoint.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

After going through all the steps, run another HijackThis scan and post a fresh log to the HijackThis analyzer. It is possible that some parasites your system was infected with were not removed completely and may restore themselves later.


If you want to see more detailed analysis of your log, click here.

Thank you for using the 2-Spyware.com HijackThis log analyzer!
Sat May 13, 2006 12:45 am
 
r0an



Joined: 13 May 2006
Posts: 4


Logfile of HijackThis v1.99.1
Scan saved at 16:18:01, on 13/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\PromptCast\PromptCast.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech mouse\SetPoint\SetPoint.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\3XS\Desktop\KillBox.exe
C:\Documents and Settings\3XS\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.scan.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.scan.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Provided by 3XS
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpE82.tmp (file missing)
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VideoraiPodConverter] C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe -t
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Registry Toolkit] C:\Program Files\Registry Toolkit\RegToolkit.exe /scan
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [PromptCast] C:\Program Files\PromptCast\PromptCast.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DesktopEarth AutoStart.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech mouse\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095156922093
O16 - DPF: {77DD44BF-551D-4E3C-82CD-D637D5018D3C} - http://www.surveys.com/promptcast/Installs/SURVEYS.COM%20PROMPTCAST%20SETUP.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A61A0AF3-F29D-4C99-82D4-9C74A65705FA}: NameServer = 62.241.163.200 62.241.162.201
O18 - Protocol: bw+0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: M-Audio USB Installer (MAudioUSBService) - Unknown owner - C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Sat May 13, 2006 3:38 pm
 
HJT Analyzer



Joined: 15 Mar 2006
Posts: 647

Post subject: My HijackThis log

Hello, visitor!

The HijackThis log analyzer has analyzed your log. Please take a closer look at the results.

Your log does not indicate any spyware or virus infection. However, there are some entries that you might want to fix. Please follow the steps below.

The following entries are not malicious, but some of them are not used anymore. You may use HijackThis to fix a few of them. However, please keep in mind that some of the entries marked as Questionable or Not Needed are fully legitimate and might be required by installed software to work properly, while some others might be related to certain parasites. It is up to you to decide whether you need any of them, or not.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.scan.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.scan.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Provided by 3XS
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpE82.tmp (file missing)
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: DesktopEarth AutoStart.lnk = ?
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra ''Tools'' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra ''Tools'' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095156922093
O16 - DPF: {77DD44BF-551D-4E3C-82CD-D637D5018D3C} - http://www.surveys.com/promptcast/Installs/SURVEYS.COM%20PROMPTCAST%20SETUP.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A61A0AF3-F29D-4C99-82D4-9C74A65705FA}: NameServer = 62.241.163.200 62.241.162.201
O18 - Protocol: bw+0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: M-Audio USB Installer (MAudioUSBService) - Unknown owner - C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe (file missing)


The following files and Windows registry entries are marked as "unknown". Currently, the HijackThis Log Analyzer cannot provide the required information on these items. The files and entries in the list below can be both malicious and fully legitimate. Because of this, please do not take any action! Wait for the forum responders or other forum users to provide you with the necessary details and further instructions.
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\PromptCast\PromptCast.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech mouse\SetPoint\SetPoint.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [VideoraiPodConverter] C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe -t
O4 - HKLM\..\Run: [Registry Toolkit] C:\Program Files\Registry Toolkit\RegToolkit.exe /scan
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [PromptCast] C:\Program Files\PromptCast\PromptCast.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech mouse\SetPoint\SetPoint.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll


If you want to see more detailed analysis of your log, click here.

Thank you for using the 2-Spyware.com HijackThis log analyzer beta 1!
Sat May 13, 2006 3:38 pm
 
Coskun



Joined: 14 May 2006
Posts: 1


[DELETED BY THE FORUM ADMINISTRATOR]
Sun May 14, 2006 7:35 am
 
GTO



Joined: 15 Nov 2005
Posts: 1519


Hi, Coskun. Welcome to the 2-Spyware.com forums!

Please create your own thread and post your HijackThis log there.
Your post will be deleted, as it is not in your own thread.
Sun May 14, 2006 10:04 am
 
GTO



Joined: 15 Nov 2005
Posts: 1519


Hi, r0an. Welcome to the 2-Spyware.com forums!

Please follow these steps:

1. Download the smitRem tool and unpack its files to a chosen folder.

2. Download Pocket KillBox or KillBox utility.

3. Use HijackThis to fix the following entries:
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpE82.tmp (file missing)
O4 - Global Startup: DesktopEarth AutoStart.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: M-Audio USB Installer (MAudioUSBService) - Unknown owner - C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe (file missing)


4. Now restart your system in Safe Mode. This step is very important!

5. Once in Safe Mode, run the smitRem tool by executing the RunThis.bat file.

6. Then use either Pocket KillBox or KillBox to delete the following files (if they exist):
C:\WINDOWS\System32\atmclk.exe
C:\WINDOWS\System32\dcomcfg.exe
C:\WINDOWS\System32\twain32.dll
C:\WINDOWS\System32\reglogs.dll
C:\WINDOWS\System32\appmagr.dll


7. After you get done, restart your computer, run a new HijackThis scan and post a fresh log here.


If the above instructions do not help, you will have to download the SmitFraudFix tool, restart your system in Safe Mode and run a scan. The SmitFraudFix guide can be found on the official web site.
Sun May 14, 2006 10:25 am
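One way to check a fresh log against the steps above, as an added example that is not part of the original post or of HijackThis itself: it parses a log, lists entries whose target the scan could not resolve, and reports whether any fixed entry or deleted file still shows up. The function names and the "unresolved" heuristic are this example's own assumptions, and the two sample logs are abridged from lines quoted in this thread.

```python
import re

# A log entry is a section code ("O4", "R1", ...) then " - " and the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def norm(s):
    """Comparison form: case-insensitive, whitespace collapsed, '' treated as '."""
    return " ".join(s.replace("''", "'").split()).casefold()


def parse_log(text):
    """Return (running process paths, [(section, body), ...]) from a HijackThis log."""
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False
            entries.append((match.group(1), match.group(2)))
        elif line.casefold().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def unresolved(entries):
    """Entries whose target the scan could not resolve: '(file missing)' or '= ?'."""
    return [(s, b) for s, b in entries
            if b.endswith("(file missing)") or b.endswith("= ?")]


def verify_cleanup(log_text, fixed_lines, deleted_files):
    """Report fixed entries still listed and deleted files still referenced in a log.

    Paths are matched as written; 8.3 short names (PROGRA~1) are not expanded.
    """
    processes, entries = parse_log(log_text)
    listed = {norm(f"{s} - {b}") for s, b in entries}
    haystack = [norm(p) for p in processes] + [norm(b) for _, b in entries]
    return {
        "entries_remaining": [l for l in fixed_lines if norm(l) in listed],
        "files_remaining": [f for f in deleted_files
                            if any(norm(f) in h for h in haystack)],
    }


# Constructed sample input: abridged from lines quoted in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\SOUNDMAN.EXE

O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpE82.tmp (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - Global Startup: DesktopEarth AutoStart.lnk = ?
O23 - Service: M-Audio USB Installer (MAudioUSBService) - Unknown owner - C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe (file missing)
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""

# Entries from step 3 (subset) and the files from step 6.
FIXED = [l for l in r"""
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpE82.tmp (file missing)
O4 - Global Startup: DesktopEarth AutoStart.lnk = ?
O23 - Service: M-Audio USB Installer (MAudioUSBService) - Unknown owner - C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe (file missing)
""".splitlines() if l.strip()]

DELETED = [
    r"C:\WINDOWS\System32\atmclk.exe",
    r"C:\WINDOWS\System32\dcomcfg.exe",
    r"C:\WINDOWS\System32\twain32.dll",
    r"C:\WINDOWS\System32\reglogs.dll",
    r"C:\WINDOWS\System32\appmagr.dll",
]

if __name__ == "__main__":
    for label, log in (("before", BEFORE), ("after", AFTER)):
        print(label, verify_cleanup(log, FIXED, DELETED))
```

A log that comes back with both lists empty only shows that the named items are gone from what HijackThis reports; it does not replace the follow-up scan the post asks for.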
 
r0an



Joined: 13 May 2006
Posts: 4


GTO - I think I love you man

everything looks good, hopefully I can reinstall now, you're a star, thx for your help





Logfile of HijackThis v1.99.1
Scan saved at 14:15:32, on 14/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\PromptCast\PromptCast.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech mouse\SetPoint\SetPoint.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\3XS\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.scan.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Provided by 3XS
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VideoraiPodConverter] C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe -t
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Registry Toolkit] C:\Program Files\Registry Toolkit\RegToolkit.exe /scan
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [PromptCast] C:\Program Files\PromptCast\PromptCast.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech mouse\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095156922093
O16 - DPF: {77DD44BF-551D-4E3C-82CD-D637D5018D3C} - http://www.surveys.com/promptcast/Installs/SURVEYS.COM%20PROMPTCAST%20SETUP.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A61A0AF3-F29D-4C99-82D4-9C74A65705FA}: NameServer = 62.241.163.200 62.241.162.201
O18 - Protocol: bw+0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E2726B6C-E51A-4B4A-BD0B-6998AF41BC90} - C:\Program Files\Logitech mouse\Desktop Messenger\8876480\Program\BWPlugProto