Author Topic: Had enough yesterday  (Read 21360 times)

tim
Re: Had enough yesterday
« Reply #30 on: July 31, 2006, 12:27:39 AM »

 VX2 Object Recognized!
    Type               : File
    Data               : A0102449.exe
    TAC Rating         : 10
    Category           : Malware
    Comment            :
    Object             : C:\System Volume Information\_restore{CD341A10-079F-4AEC-AC06-18A32F0A0564}\RP134\



 VX2 Object Recognized!
    Type               : File
    Data               : A0102452.dll
    TAC Rating         : 10
    Category           : Malware
    Comment            :
    Object             : C:\System Volume Information\_restore{CD341A10-079F-4AEC-AC06-18A32F0A0564}\RP134\



 VX2 Object Recognized!
    Type               : File
    Data               : A0102460.exe
    TAC Rating         : 10
    Category           : Malware
    Comment            :
    Object             : C:\System Volume Information\_restore{CD341A10-079F-4AEC-AC06-18A32F0A0564}\RP134\



 CmdServices Object Recognized!
    Type               : File
    Data               : A0102463.exe
    TAC Rating         : 4
    Category           : Adware
    Comment            :
    Object             : C:\System Volume Information\_restore{CD341A10-079F-4AEC-AC06-18A32F0A0564}\RP134\



 win32.Trojan.Dnschanger Object Recognized!
    Type               : File
    Data               : A0102465.exe
    TAC Rating         : 10
    Category           : Monitoring Tool
    Comment            :
    Object             : C:\System Volume Information\_restore{CD341A10-079F-4AEC-AC06-18A32F0A0564}\RP134\



 CmdServices Object Recognized!
    Type               : File
    Data               : atmtd.dll
    TAC Rating         : 4
    Category           : Adware
    Comment            :
    Object             : C:\WINDOWS\system32\



 CmdServices Object Recognized!
    Type               : File
    Data               : atmtd.dll._
    TAC Rating         : 4
    Category           : Adware
    Comment            :
    Object             : C:\WINDOWS\system32\



 Targetsaver Object Recognized!
    Type               : File
    Data               : tsuninst.exe
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Object             : C:\WINDOWS\system32\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 40




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 Adware.Look2Me Object Recognized!
    Type               : Regkey
    Data               :
    TAC Rating         : 7
    Category           : Adware
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows nt\currentversion\winlogon\notify

 CmdServices Object Recognized!
    Type               : Regkey
    Data               :
    TAC Rating         : 4
    Category           : Adware
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}

 CmdServices Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 4
    Category           : Adware
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}
    Value              : DisplayName

 CmdServices Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 4
    Category           : Adware
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}
    Value              : DisplayVersion

 CmdServices Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 4
    Category           : Adware
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}
    Value              : NoModify

 CmdServices Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 4
    Category           : Adware
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}
    Value              : NoRemove

 CmdServices Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 4
    Category           : Adware
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}
    Value              : NoRepair

 CmdServices Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 4
    Category           : Adware
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}
    Value              : UninstallString

 CmdServices Object Recognized!
    Type               : Regkey
    Data               :
    TAC Rating         : 4
    Category           : Adware
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : system\controlset001\services\cmdservice

 CmdServices Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 4
    Category           : Adware
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : system\controlset001\services\cmdservice
    Value              : Start

 CmdServices Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 4
    Category           : Adware
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : system\controlset001\services\cmdservice
    Value              : ErrorControl

 CmdServices Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 4
    Category           : Adware
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : system\controlset001\services\cmdservice
    Value              : ImagePath

 CmdServices Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 4
    Category           : Adware
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : system\controlset001\services\cmdservice
    Value              : DisplayName

 CmdServices Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 4
    Category           : Adware
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : system\controlset001\services\cmdservice
    Value              : ObjectName

 CmdServices Object Recognized!
    Type               : Regkey
    Data               :
    TAC Rating         : 4
    Category           : Adware
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : system\currentcontrolset\services\cmdservice

 CmdServices Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 4
    Category           : Adware
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : system\currentcontrolset\services\cmdservice
    Value              : Start

 CmdServices Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 4
    Category           : Adware
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : system\currentcontrolset\services\cmdservice
    Value              : ErrorControl

 CmdServices Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 4
    Category           : Adware
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : system\currentcontrolset\services\cmdservice
    Value              : ImagePath

 CmdServices Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 4
    Category           : Adware
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : system\currentcontrolset\services\cmdservice
    Value              : DisplayName

 CmdServices Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 4
    Category           : Adware
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : system\currentcontrolset\services\cmdservice
    Value              : ObjectName

 CmdServices Object Recognized!
    Type               : Regkey
    Data               :
    TAC Rating         : 4
    Category           : Adware
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows\currentversion\uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be}

 CmdServices Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 4
    Category           : Adware
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows\currentversion\uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be}
    Value              : DisplayName

 CmdServices Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 4
    Category           : Adware
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows\currentversion\uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be}
    Value              : DisplayVersion

 CmdServices Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 4
    Category           : Adware
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows\currentversion\uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be}
    Value              : NoModify

 CmdServices Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 4
    Category           : Adware
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows\currentversion\uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be}
    Value              : NoRemove

 CmdServices Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 4
    Category           : Adware
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows\currentversion\uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be}
    Value              : NoRepair

 CmdServices Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 4
    Category           : Adware
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows\currentversion\uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be}
    Value              : UninstallString

 win32.Trojan.Dnschanger Object Recognized!
    Type               : Folder
    TAC Rating         : 10
    Category           : Monitoring Tool
    Comment            : win32.Trojan.Dnschanger
    Object             : C:\Program\Network Monitor

 Other Object Recognized!
    Type               : File
    Data               : CMDINST.EXE-04387730.pf
    TAC Rating         : 10
    Category           : Malware
    Comment            :
    Object             : C:\WINDOWS\prefetch\



 Other Object Recognized!
    Type               : File
    Data               : TSINSTALL_4_0_4_0_B4.EXE-184763E1.pf
    TAC Rating         : 10
    Category           : Malware
    Comment            :
    Object             : C:\WINDOWS\prefetch\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 30
Objects found so far: 70

03:00:13 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:22:13.687
Objects scanned:231278
Objects identified:61
Objects ignored:0
New critical objects:61


that was it.
"Although extraordinary valor was displayed by the entire corps of Spartans and Thespians, yet bravest of all was declared the Spartan Dienekes. It is said that on the eve of battle, he was told by a native of Trachis that the Persian archers were so numerous that, when they fired their volleys, the mass of arrows blocked out the sun. Dienekes, however, quite undaunted by this prospect, remarked with a laugh, "Good. Then we'll have our battle in the shade."" - Herodotus, The Histories.  (If you're interested in the battle of Thermopylae, read "Gates of Fire" by Steven Pressfield)

tim
Re: Had enough yesterday
« Reply #31 on: July 31, 2006, 01:13:11 AM »
I've installed a fw, ZA (free version) and thinking of getting a hardware fw too, as I've got a cable connection + in the end of a summer there will be another comp in the house that needs protection. whaddaya think bout that?

btw, I'm still getting redirected even tho I got ZA up

tim
Re: Had enough yesterday
« Reply #32 on: July 31, 2006, 01:21:00 AM »
just noticed that my CPU usage is constantly 100 % even though I'm not running anything special (this window). However, in the program list there are two, to me, strange programs running (which I don't see) .. they are both named "Project1", and one of the Project1's is constantly using 95+ of the CPU, and the memory usage is about 12 mb. (the other Project1 is inactive and got 11mb memory usage)

Anything I can do?

Corrine
Re: Had enough yesterday
« Reply #33 on: August 01, 2006, 12:47:27 AM »
Hi, Tim.  I'm actually surprised that you've been able to boot that computer, and it's no wonder that your CPU usage keeps reaching 100%.  Your machine is already infected.  The firewall cannot do anything about that. ewido removed a lot to start.  Let's see what Ad-Aware can remove and then see what it will take to get the machine clean.

Please launch Ad-Aware SE and check for updates.  Next click on the gear to access the Configuration Menu.  Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".  Then, please follow the steps listed below.

A. First, clean the temporary files on the computer.  Please download CCleaner v1.30.310 - Slim from http://www.ccleaner.com/download/builds.aspx

Instructions for using CCleaner:
  • Close all open programs, including Internet Explorer, Firefox and any instances of Windows Explorer.
  • Launch CCleaner and under Options > Advanced > UNcheck "Only delete files in Windows Temp folder older than 48 hours".
  • A pop up box will appear advising this process will permanently delete files from your system.
  • To protect logon cookies that you wish to retain, go to Options > Cookies.  Select those cookies and, using the arrow, move them to the "Cookies to keep" column.
  • Then select the following items:
  • In the Windows Tab:
    • Clean all entries in the "Internet Explorer" section.
    • Clean all the entries in the "Windows Explorer" section.
    • Clean all entries in the "System" section except Windows Log Files.
  • In the Applications Tab:
    • Clean all in the Firefox/Mozilla section if you use it.
    • Clean all in the Opera section if you use it.
    • Clean Sun Java in the Internet Section.
    • Please UNcheck "Utilities" (i.e., Ad-Aware, ewido and other security program logs.)
  • Click the "Run Cleaner" button and it will scan and clean your system.
  • Click exit. 
  • Shutdown/restart the computer.
B.  Do not launch any programs or connect to the internet at this time.
    1.  Launch Ad-Aware SE and run a Full Scan.
    2.  When the scan has completed, select Next.
    3.  In the Scanning Results window, select the "Scan Summary" tab.
    4.  Check the box next to each "target family" you wish to remove.
    5.  Click next, Click OK.

C.  Restart your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
D. Launch Ad-Aware SE and click Start and choose the Full Scan
  • Uncheck "Search for negligible risk entries"
  • Scan and again select all critical objects found that you wish to remove
  • Shutdown/restart and run another full scan, posting the results as a reply.
E.  Please download HijackThis© from:  http://www.thespykiller.co.uk/files/HJTsetup.exe

Note:  This is a complete installer that installs HijackThis to your computer at C:\Program Files\HijackThis, making an entry in the start menu and also providing a desktop shortcut.

At the download prompt, choose "Save".  After the download is complete, navigate to the C:\Program Files\HijackThis folder and double-click it.  When the installation is complete, double-click the HijackThis icon on your desktop.  Select "Do a system scan and save logfile".  Select a name for this first logfile and a text file will be produced. 

Please have word wrap turned ON in Notepad. Copy the text file and paste it here as a reply with your Ad-Aware log.

If you have any questions, please do not hesitate to ask.  Thank you.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

tim
Re: Had enough yesterday
« Reply #34 on: August 01, 2006, 09:53:39 AM »
When I read this yesterday night, my brother had already bought and installed a new Norton Anti-virus. Therefore, most of the infected files seem to be gone. However, here's the result:

Adaware scan

Ad-Aware SE Build 1.06r1
Logfile Created on:den 1 augusti 2006 12:21:22
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R116 24.07.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
NoAdware(TAC index:2):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


2006-08-01 12:21:22 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
    FilePath           : \SystemRoot\System32\
    ProcessID          : 444
    ThreadCreationTime : 2006-08-01 10:16:02
    BasePriority       : Normal


#:2 [winlogon.exe]
    FilePath           : \??\C:\WINDOWS\system32\
    ProcessID          : 528
    ThreadCreationTime : 2006-08-01 10:16:06
    BasePriority       : High


#:3 [services.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 572
    ThreadCreationTime : 2006-08-01 10:16:06
    BasePriority       : Normal
    FileVersion        : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion     : 5.1.2600.0
    ProductName        : Operativsystemet Microsoft® Windows®
    CompanyName        : Microsoft Corporation
    FileDescription    : Tjänst- och styrenhetsprogram
    InternalName       : services.exe
    LegalCopyright     : © Microsoft Corporation. Med ensamrätt.
    OriginalFilename   : services.exe

#:4 [lsass.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 588
    ThreadCreationTime : 2006-08-01 10:16:06
    BasePriority       : Normal
    FileVersion        : 5.1.2600.1106 (xpsp1.020828-1920)
    ProductVersion     : 5.1.2600.1106
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : LSA Shell (Export Version)
    InternalName       : lsass.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : lsass.exe

#:5 [ati2evxx.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 732
    ThreadCreationTime : 2006-08-01 10:16:07
    BasePriority       : Normal


#:6 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 744
    ThreadCreationTime : 2006-08-01 10:16:07
    BasePriority       : Normal
    FileVersion        : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion     : 5.1.2600.0
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:7 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 916
    ThreadCreationTime : 2006-08-01 10:17:29
    BasePriority       : Normal
    FileVersion        : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion     : 5.1.2600.0
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:8 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 956
    ThreadCreationTime : 2006-08-01 10:17:29
    BasePriority       : Normal
    FileVersion        : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion     : 5.1.2600.0
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:9 [vsmon.exe]
    FilePath           : C:\WINDOWS\system32\ZoneLabs\
    ProcessID          : 1076
    ThreadCreationTime : 2006-08-01 10:17:31
    BasePriority       : Normal
    FileVersion        : 6.5.731.000
    ProductVersion     : 6.5.731.000
    ProductName        : TrueVector Service
    CompanyName        : Zone Labs, LLC
    FileDescription    : TrueVector Service
    InternalName       : vsmon
    LegalCopyright     : Copyright © 1998-2006, Zone Labs, LLC
    OriginalFilename   : vsmon.exe

#:10 [ccsetmgr.exe]
    FilePath           : C:\Program\Delade filer\Symantec Shared\
    ProcessID          : 1268
    ThreadCreationTime : 2006-08-01 10:17:39
    BasePriority       : Normal
    FileVersion        : 104.0.7.3
    ProductVersion     : 104.0.7.3
    ProductName        : Client and Host Security Platform
    CompanyName        : Symantec Corporation
    FileDescription    : Symantec Settings Manager Service
    InternalName       : ccSetMgr
    LegalCopyright     : Copyright (c) 2000-2005 Symantec Corporation. All rights reserved.
    OriginalFilename   : ccSetMgr.exe

#:11 [explorer.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 1276
    ThreadCreationTime : 2006-08-01 10:17:39
    BasePriority       : Normal
    FileVersion        : 6.00.2800.1106 (xpsp1.020828-1920)
    ProductVersion     : 6.00.2800.1106
    ProductName        : Operativsystemet Microsoft® Windows®
    CompanyName        : Microsoft Corporation
    FileDescription    : Utforskaren
    InternalName       : explorer
    LegalCopyright     : © Microsoft Corporation. Med ensamrätt.
    OriginalFilename   : EXPLORER.EXE

#:12 [ccevtmgr.exe]
    FilePath           : C:\Program\Delade filer\Symantec Shared\
    ProcessID          : 1336
    ThreadCreationTime : 2006-08-01 10:17:44
    BasePriority       : Normal
    FileVersion        : 104.0.7.3
    ProductVersion     : 104.0.7.3
    ProductName        : Client and Host Security Platform
    CompanyName        : Symantec Corporation
    FileDescription    : Symantec Event Manager Service
    InternalName       : ccEvtMgr
    LegalCopyright     : Copyright (c) 2000-2005 Symantec Corporation. All rights reserved.
    OriginalFilename   : ccEvtMgr.exe

#:13 [sndsrvc.exe]
    FilePath           : C:\Program\Delade filer\Symantec Shared\
    ProcessID          : 1408
    ThreadCreationTime : 2006-08-01 10:17:45
    BasePriority       : Normal
    FileVersion        : 6.0.3.303
    ProductVersion     : 6.0
    ProductName        : Symantec Security Drivers
    CompanyName        : Symantec Corporation
    FileDescription    : Network Driver Service
    InternalName       : SndSrvc
    LegalCopyright     : Copyright 2002 - 2006 Symantec Corporation
    OriginalFilename   : SndSrvc.exe

#:14 [spbbcsvc.exe]
    FilePath           : C:\Program\Delade filer\Symantec Shared\SPBBC\
    ProcessID          : 1420
    ThreadCreationTime : 2006-08-01 10:17:45
    BasePriority       : Normal
    FileVersion        : 2.1.0.4
    ProductVersion     : 2.1.0.4
    ProductName        : SPBBC
    CompanyName        : Symantec Corporation
    FileDescription    : SPBBC Service
    InternalName       : SPBBCSvc
    LegalCopyright     : Copyright (c) 2004, 2005 Symantec Corporation. All rights reserved.
    OriginalFilename   : SPBBCSvc.exe

#:15 [lexbces.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1548
    ThreadCreationTime : 2006-08-01 10:17:45
    BasePriority       : Normal
    FileVersion        : 7.4
    ProductVersion     : 7.4
    ProductName        : MarkVision for Windows (32 bit)
    CompanyName        : Lexmark International, Inc.
    FileDescription    : LexBce Service
    InternalName       : LexBce Service
    LegalCopyright     : (C) 1993 - 2002 Lexmark International, Inc.
    OriginalFilename   : LexBceS.exe

#:16 [spoolsv.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1572
    ThreadCreationTime : 2006-08-01 10:17:46
    BasePriority       : Normal
    FileVersion        : 5.1.2600.0 (XPClient.010817-1148)
    ProductVersion     : 5.1.2600.0
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Spooler SubSystem App
    InternalName       : spoolsv.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : spoolsv.exe

#:17 [lexpps.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1624
    ThreadCreationTime : 2006-08-01 10:17:46
    BasePriority       : Normal
    FileVersion        : 7.4
    ProductVersion     : 7.4
    ProductName        : MarkVision for Windows (32 bit)
    CompanyName        : Lexmark International, Inc.
    FileDescription    : LEXPPS.EXE
    InternalName       : LEXPPS
    LegalCopyright     : (C) 1993 - 2002 Lexmark International, Inc.
    OriginalFilename   : LEXPPS.EXE
    Comments           : MarkVision for Windows '95 New P2P Server  (32-bit)

#:18 [ctsvccda.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1736
    ThreadCreationTime : 2006-08-01 10:17:46
    BasePriority       : Normal
    FileVersion        : 1.0.1.0
    ProductVersion     : 1.0.0.0
    ProductName        : Creative Service for CDROM Access
    CompanyName        : Creative Technology Ltd
    FileDescription    : Creative Service for CDROM Access
    InternalName       : CTsvcCDAEXE
    LegalCopyright     : Copyright (c) Creative Technology Ltd., 1999. All rights reserved.
    OriginalFilename   : CTsvcCDA.EXE

#:19 [mdm.exe]
    FilePath           : C:\Program\Delade filer\Microsoft Shared\VS7Debug\
    ProcessID          : 1768
    ThreadCreationTime : 2006-08-01 10:17:46
    BasePriority       : Normal
    FileVersion        : 7.00.9064.9150
    ProductVersion     : 7.00.9064.9150
    ProductName        : Microsoft Development Environment
    CompanyName        : Microsoft Corporation
    FileDescription    : Machine Debug Manager
    InternalName       : mdm.exe
    LegalCopyright     : Copyright (C) Microsoft Corp. 1997-2000
    OriginalFilename   : mdm.exe

#:20 [navapsvc.exe]
    FilePath           : C:\Program\Norton AntiVirus\
    ProcessID          : 1800
    ThreadCreationTime : 2006-08-01 10:17:46
    BasePriority       : Normal
    FileVersion        : 12.2.0.13
    ProductVersion     : 12.2.0
    ProductName        : Norton AntiVirus
    CompanyName        : Symantec Corporation
    FileDescription    : Norton AntiVirus Auto-Protect Service
    InternalName       : NAVAPSVC
    LegalCopyright     : Norton AntiVirus 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.
    OriginalFilename   : NAVAPSVC.EXE

#:21 [npfmntor.exe]
    FilePath           : C:\Program\Norton AntiVirus\IWP\
    ProcessID          : 1848
    ThreadCreationTime : 2006-08-01 10:17:47
    BasePriority       : Normal
    FileVersion        : 12.2.0.13
    ProductVersion     : 12.2.0
    ProductName        : Norton AntiVirus
    CompanyName        : Symantec Corporation
    FileDescription    : Norton AntiVirus Firewall Install Monitor
    InternalName       : NPFMonitor
    LegalCopyright     : Norton AntiVirus 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.
    OriginalFilename   : NPFMonitor.EXE

#:22 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1884
    ThreadCreationTime : 2006-08-01 10:17:47
    BasePriority       : Normal
    FileVersion        : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion     : 5.1.2600.0
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:23 [symlcsvc.exe]
    FilePath           : C:\Program\Delade filer\Symantec Shared\CCPD-LC\
    ProcessID          : 1912
    ThreadCreationTime : 2006-08-01 10:17:47
    BasePriority       : Normal
    FileVersion        : 1.9.1.762
    ProductVersion     : 1.9.1.762
    ProductName        : Symantec Core Component
    CompanyName        : Symantec Corporation
    FileDescription    : Symantec Core Component
    InternalName       : symlcsvc
    LegalCopyright     : Copyright (C) 2003
    OriginalFilename   : symlcsvc.exe

#:24 [directcd.exe]
    FilePath           : C:\Program\Roxio\Easy CD Creator 5\DirectCD\
    ProcessID          : 2120
    ThreadCreationTime : 2006-08-01 10:18:10
    BasePriority       : Normal
    FileVersion        : 5.3.2.34
    ProductVersion     : 5.3.2.34
    ProductName        : DirectCD
    CompanyName        : Roxio
    FileDescription    : DirectCD Application
    InternalName       : DirectCD
    LegalCopyright     : Copyright (c) 2001,2002, Roxio, Inc.
    OriginalFilename   : Directcd.exe

#:25 [point32.exe]
    FilePath           : C:\Program\Microsoft IntelliPoint\
    ProcessID          : 2176
    ThreadCreationTime : 2006-08-01 10:18:13
    BasePriority       : Normal


#:26 [diagent.exe]
    FilePath           : C:\Program\Creative\SBLive\Diagnostics\
    ProcessID          : 2188
    ThreadCreationTime : 2006-08-01 10:18:13
    BasePriority       : Normal
    FileVersion        : 1, 1, 4, 0
    ProductVersion     : 1.01.04
    ProductName        : Creative Diagnostics Agent
    CompanyName        : Creative Technology Ltd
    FileDescription    : Creative Diagnostics Agent
    InternalName       : Creative Diagnostics Agent
    LegalCopyright     : Copyright (C) 2002 Creative Technology Ltd
    OriginalFilename   : diagent.exe

#:27 [bcmsmmsg.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 2208
    ThreadCreationTime : 2006-08-01 10:18:14
    BasePriority       : Normal
    FileVersion        :  3.5.24 02/24/2003 18:29:41
    ProductVersion     :  3.5.24 02/24/2003 18:29:41
    ProductName        : BCM Modem Messaging Applet
    CompanyName        : Broadcom Corporation
    FileDescription    : Modem Messaging Applet
    InternalName       : smdmstat.exe
    LegalCopyright     : Copyright © Broadcom Corporation 1998-2000
    OriginalFilename   : smdmstat.exe

#:28 [tgcmd.exe]
    FilePath           : C:\Program\Telia\Supportassistent\bin\
    ProcessID          : 2376
    ThreadCreationTime : 2006-08-01 10:18:22
    BasePriority       : Normal
    FileVersion        : 5,6,1039,0
    ProductVersion     : 5,6,1039,0
    ProductName        : Support.com Scheduler and Command Dispatcher
    CompanyName        : SupportSoft, Inc.
    FileDescription    : Support.com Scheduler and Command Dispatcher
    InternalName       : TGCMD
    LegalCopyright     : Copyright 1997-2069 SupportSoft
    OriginalFilename   : TGCMD.EXE

#:29 [sweetim.exe]
    FilePath           : C:\Program\Macrogaming\SweetIM\
    ProcessID          : 2384
    ThreadCreationTime : 2006-08-01 10:18:23
    BasePriority       : Normal
    FileVersion        : 1, 1, 0, 151
    ProductVersion     : 1.1.0.151
    ProductName        : MacroGaming SweetIM
    CompanyName        : MacroGaming LTD.
    FileDescription    : SweetIM MSN Messenger Enhancer
    InternalName       : SweetIM
    LegalCopyright     : Copyright © 2005
    OriginalFilename   : SweetIM.exe

#:30 [application launcher.exe]
    FilePath           : C:\Program\Sony Ericsson\Mobile2\Application Launcher\
    ProcessID          : 2392
    ThreadCreationTime : 2006-08-01 10:18:24
    BasePriority       : Normal
    FileVersion        : 1.1.1.3
    ProductVersion     : 1.1.1.3
    ProductName        : Application Launcher
    CompanyName        : Sony Ericsson Mobile Communications AB
    FileDescription    : Application Launcher
    InternalName       : Application Launcher
    LegalCopyright     : Copyright (c) 2005 Popwire AB. All rights reserved.
    OriginalFilename   : Application Launcher.exe

#:31 [capabilitymanager.exe]
    FilePath           : C:\Program\Delade filer\Teleca Shared\
    ProcessID          : 2460
    ThreadCreationTime : 2006-08-01 10:18:26
    BasePriority       : Normal
    FileVersion        : 0.0.1.48
    ProductVersion     : 0.0.1.48
    ProductName        : CapabilityManager
    CompanyName        : Teleca Software Solutions AB
    FileDescription    : Capability Manager
    InternalName       : CapabilityManager.exe
    LegalCopyright     : Copyright © 2004 Teleca Software Solutions AB. All rights reserved.
    OriginalFilename   : CapabilityManager.exe
    Comments           : This is a generic version of this component

#:32 [zlclient.exe]
    FilePath           : C:\Program\Zone Labs\ZoneAlarm\
    ProcessID          : 2484
    ThreadCreationTime : 2006-08-01 10:18:30
    BasePriority       : Normal
    FileVersion        : 6.5.731.000
    ProductVersion     : 6.5.731.000
    ProductName        : Zone Labs Client
    CompanyName        : Zone Labs, LLC
    FileDescription    : Zone Labs Client
    InternalName       : zlclient
    LegalCopyright     : Copyright © 1998-2006, Zone Labs, LLC
    OriginalFilename   : zlclient.exe

#:33 [wuauclt.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 2516
    ThreadCreationTime : 2006-08-01 10:18:44
    BasePriority       : Normal
    FileVersion        : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
    ProductVersion     : 5.4.3790.2182
    ProductName        : Operativsystemet Microsoft® Windows®
    CompanyName        : Microsoft Corporation
    FileDescription    : Automatiska uppdateringar
    InternalName       : wuauclt.exe
    LegalCopyright     : © Microsoft Corporation. Med ensamrätt.
    OriginalFilename   : wuauclt.exe

#:34 [ccapp.exe]
    FilePath           : C:\Program\Delade filer\Symantec Shared\
    ProcessID          : 2524
    ThreadCreationTime : 2006-08-01 10:18:44
    BasePriority       : Normal
    FileVersion        : 104.0.7.3
    ProductVersion     : 104.0.7.3
    ProductName        : Client and Host Security Platform
    CompanyName        : Symantec Corporation
    FileDescription    : Symantec User Session
    InternalName       : ccApp
    LegalCopyright     : Copyright (c) 2000-2005 Symantec Corporation. All rights reserved.
    OriginalFilename   : ccApp.exe

#:35 [usrprmpt.exe]
    FilePath           : C:\Program\Delade filer\Symantec Shared\Security Center\
    ProcessID          : 2568
    ThreadCreationTime : 2006-08-01 10:18:53
    BasePriority       : Normal
    FileVersion        : 2005.1.2.20
    ProductVersion     : 2005.1
    ProductName        : Norton Security Center
    CompanyName        : Symantec Corporation
    FileDescription    : Norton Security Center Helper
    InternalName       : UsrPrmpt.dll
    LegalCopyright     : Copyright (c) 1997-2004 Symantec Corporation
    OriginalFilename   : UsrPrmpt.dll

#:36 [ctfmon.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 2596
    ThreadCreationTime : 2006-08-01 10:18:54
    BasePriority       : Normal
    FileVersion        : 5.1.2600.1106 (xpsp1.020828-1920)
    ProductVersion     : 5.1.2600.1106
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : CTF Loader
    InternalName       : CTFMON
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : CTFMON.EXE

#:37 [logitechdesktopmessenger.exe]
    FilePath           : C:\Program\Logitech\Desktop Messenger\8876480\Program\
    ProcessID          : 2604
    ThreadCreationTime : 2006-08-01 10:18:55
    BasePriority       : Normal
    FileVersion        : 2.30.04
    ProductVersion     : 2.30.04
    ProductName        : Logitech Desktop Messenger
    CompanyName        : Logitech
    FileDescription    : Logitech Desktop Messenger
    InternalName       : SyncExt
    LegalCopyright     : Copyright (C) Logitech 2000-2005. All rights reserved
    OriginalFilename   : SyncExt.dll
    Comments           : About:
 www.logitech.com/ldm 

Privacy Policy:
 http://privacy.logitech.com

#:38 [setpoint.exe]
    FilePath           : C:\Program\Logitech\SetPoint\
    ProcessID          : 2804
    ThreadCreationTime : 2006-08-01 10:19:10
    BasePriority       : Normal
    FileVersion        : 2.30.399
    ProductVersion     : 2.30.399
    ProductName        : Logitech SetPoint
    CompanyName        : Logitech Inc.
    FileDescription    : Logitech SetPoint Event Manager
    InternalName       : SetPoint
    LegalCopyright     : (C) 1998-2005 Logitech. All rights reserved.
    LegalTrademarks    : Logitech® and SetPoint® are registered trademarks of Logitech Inc.
    OriginalFilename   : SetPoint.exe
    Comments           : Created by the Productivity Software team

#:39 [khalmnpr.exe]
    FilePath           : C:\Program\Delade filer\Logitech\KHAL\
    ProcessID          : 2880
    ThreadCreationTime : 2006-08-01 10:19:19
    BasePriority       : Normal
    FileVersion        : 2.30.314
    ProductVersion     : 2.30.314
    ProductName        : Productivity Software Common Files
    CompanyName        : Logitech Inc.
    FileDescription    : Logitech KHAL Main Process
    InternalName       : KHAL
    LegalCopyright     : (C) 1998-2005 Logitech. All rights reserved.
    LegalTrademarks    : Logitech® and SetPoint® are registered trademarks of Logitech Inc.
    OriginalFilename   : KHALMNPR.EXE
    Comments           : Created by the Productivity Software team

#:40 [nscsrvce.exe]
    FilePath           : C:\Program\Delade filer\Symantec Shared\Security Console\
    ProcessID          : 3400
    ThreadCreationTime : 2006-08-01 10:20:09
    BasePriority       : Normal
    FileVersion        : 2006.1.5.17
    ProductVersion     : 2006.1.5
    ProductName        : Norton Security Console
    CompanyName        : Symantec Corporation
    FileDescription    : Norton Security Console Norton Protection Center Service
    InternalName       : NSCService
    LegalCopyright     : Norton Security Console 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.
    OriginalFilename   : NSCSrvce.exe

#:41 [ad-aware.exe]
    FilePath           : C:\Program\Lavasoft\Ad-Aware SE Personal\
    ProcessID          : 3420
    ThreadCreationTime : 2006-08-01 10:20:15
    BasePriority       : Normal
    FileVersion        : 6.2.0.236
    ProductVersion     : SE 106
    ProductName        : Lavasoft Ad-Aware SE
    CompanyName        : Lavasoft Sweden
    FileDescription    : Ad-Aware SE Core application
    InternalName       : Ad-Aware.exe
    LegalCopyright     : Copyright © Lavasoft AB Sweden
    OriginalFilename   : Ad-Aware.exe
    Comments           : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 NoAdware Object Recognized!
    Type               : File
    Data               : A0100063.exe
    TAC Rating         : 2
    Category           : Misc
    Comment            :
    Object             : C:\System Volume Information\_restore{CD341A10-079F-4AEC-AC06-18A32F0A0564}\RP132\
    FileVersion        : 1, 0, 0, 1
    ProductVersion     : 1, 0, 0, 1
    ProductName        : Noadware4 Application
    FileDescription    : Noadware4 Application
    InternalName       : Noadware4
    LegalCopyright     : Copyright (C) 2004-2006
    OriginalFilename   : Noadware4.EXE


 NoAdware Object Recognized!
    Type               : File
    Data               : A0102580.exe
    TAC Rating         : 2
    Category           : Misc
    Comment            :
    Object             : C:\System Volume Information\_restore{CD341A10-079F-4AEC-AC06-18A32F0A0564}\RP134\
    FileVersion        :                     
    CompanyName        :                                                             
    FileDescription    : NoAdware 4.0 Setup                                         
    LegalCopyright     :                                                                                                     
    Comments           : This installation was built with Inno Setup: http://www.innosetup.com


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 2




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

12:43:03 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:21:40.469
Objects scanned:232482
Objects identified:2
Objects ignored:0
New critical objects:2

Something strange was that the first scan found 2 infected files. The next scan was the one in safe-mode, and it didn't find any infected files. When I rebooted in normal mode, it found 2 infected files again (this log).

"Although extraordinary valor was displayed by the entire corps of Spartans and Thespians, yet bravest of all was declared the Spartan Dienekes. It is said that on the eve of battle, he was told by a native of Trachis that the Persian archers were so numerous that, when they fired their volleys, the mass of arrows blocked out the sun. Dienekes, however, quite undaunted by this prospect, remarked with a laugh, "Good. Then we'll have our battle in the shade."" - Herodotus, The Histories.  (If you're interested in the battle of Thermopylae, read "Gates of Fire" by Steven Pressfield)

Offline tim

Re: Had enough yesterday
« Reply #35 on: August 01, 2006, 09:54:27 AM »
HJT - Log, the last scan.

Logfile of HijackThis v1.99.1
Scan saved at 12:44:28, on 2006-08-01
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\Norton AntiVirus\navapsvc.exe
C:\Program\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program\Microsoft IntelliPoint\point32.exe
C:\Program\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program\Telia\Supportassistent\bin\tgcmd.exe
C:\Program\Macrogaming\SweetIM\SweetIM.exe
C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program\Logitech\SetPoint\SetPoint.exe
C:\Program\Delade filer\Logitech\KHAL\KHALMNPR.EXE
C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program\Delade filer\Teleca Shared\Generic.exe
C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: MSN Verktygslåda - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar\01.01.2607.0\sv\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: BitComet¹¤¾ßÀ¸ - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program\BitComet\BitCometBar\BitCometBar0.4.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program\ToolBar888\MyToolBar.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [diagent] C:\Program\Creative\SBLive\Diagnostics\diagent.exe startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ALUAlert] @e?\ALUNOTIFY.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program\Telia\Supportassistent\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [HbTools] C:\Program\HbTools\Bin\4.8.0.0\HbtOEAddOn.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program\HbTools\Bin\4.8.0.0\HbtWeatherOnTray.exe
O4 - HKLM\..\Run: [oye3681c] RUNDLL32.EXE w2a62ab7.dll,n 0023681a0000000a2a62ab7
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LG SyncManager.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Reality Fusion GameCam SE.lnk = ?
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab
O18 - Protocol: bw+0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod-tjänst (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program\Network Monitor\netmon.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

"Although extraordinary valor was displayed by the entire corps of Spartans and Thespaians, yet bravest of all was declared the Spartan Dienekes. It is said that on the eve of battle, he was told by a native of Trachis that the Persian archers were so numerous that, when they fired their volleys, the mass of arrows blocked out the sun. Dienekes, however, quite undaunted by this prospect, remarked with a laugh, "Good. Then we'll have our battle in the shade."" - Herodotus, The Histories.  (If you're interested in the battle of Thermopylae, read "Gates of Fire" by Steven Pressfield)

Offline tim

  • Full Member
  • ***
  • Posts: 35
    • View Profile
Re: Had enough yesterday
« Reply #36 on: August 01, 2006, 09:57:14 AM »
Right now I got a fw installed, new norton anti-virus + ad-aware / ccleaner / hjt / ewido etc. Is that enough to protect oneself from now on? Besides, the CPU usage is not 100% anymore, and those "Project1"'s are gone. The comp feels much "lighter" in a way now, it runs smoother.

Offline GR@PH;<'S

  • Administrator
  • Hero Member
  • *****
  • Posts: 20125
    • View Profile
    • http://www.taktmobiles.co.uk
Re: Had enough yesterday
« Reply #37 on: August 01, 2006, 11:51:54 AM »
tim,
Quote
is that enough to protect oneself from now on
You may want to take a look at "mitch's newbie list V2.1". Another good place to visit is "Ghosts Markers".
I do recommend the use of:
POW
SpyBlaster
SpywareGuard
CookieWall
IE-SPYAD

 :blink: But before you install any of these, please wait till your PC is clean, as I see you still have a few Nasties on there. I'm sure that the HijackThis team will soon come to your aid.
GR@PH;<'S   :Hammys pint:
press Enter then have a Brandy then if the problem is still there have another Brandy
Q: does it work
A: It does seem to for a few hours at least.

Offline SpiritWind

  • Full Member
  • ***
  • Posts: 81
    • View Profile
Out-of-date Sun Java
« Reply #38 on: August 02, 2006, 03:50:12 AM »
 :D  Hi Tim:

Your Sun Java program is 4 Updates behind and is therefore a serious security risk; recommend you uninstall it, then go to www.java.com/en & get their latest.
For the BEST in what counts in Life :

www.tacf.org

Offline tim

  • Full Member
  • ***
  • Posts: 35
    • View Profile
Re: Had enough yesterday
« Reply #39 on: August 02, 2006, 01:21:10 PM »
right.. I'm off to Bulgaria for some heavy drinking  :Hammys pint:  :hammy:

don't got the time to fix that now, that'll be the first thing when I get home though. however, I'll be back next week. see ya then   :D

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20375
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Had enough yesterday
« Reply #40 on: August 04, 2006, 12:26:28 AM »
Hi, Tim.  When you return, please scan with HijackThis, select the following and check "fix checked". 

O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [oye3681c] RUNDLL32.EXE w2a62ab7.dll,n 0023681a0000000a2a62ab7
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -


As to the two objects found by Ad-Aware, the reason they didn't show in safe mode is because they are in System Restore.  We'll take care of that later. 

Please post a fresh HJT log and let us know how you're doing.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
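An added example, not part of the original thread and not any poster's own method: a small parser for the HijackThis line format used in the logs above. It lists the entries that HijackThis marked "(file missing)" or left without a target, and collapses the repeated O18 protocol handlers that share one CLSID and DLL. The sample lines are copied from this thread; the function names and the "dangling entry" heuristic are assumptions of this example, and a dangling entry is a leftover registration to review, not a malware verdict.

```python
import re
from collections import Counter, namedtuple

# Lines copied from the HijackThis logs and fix list posted in this thread.
SAMPLE_LOG = r"""
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program\ToolBar888\MyToolBar.dll (file missing)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O18 - Protocol: bwo0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program\Network Monitor\netmon.exe (file missing)
"""

Entry = namedtuple("Entry", "section label clsid target dangling")

# A log entry starts with a section code such as R0, O4, O18 or O23.
LINE_RE = re.compile(r"^(?P<section>[ORFN]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
DANGLING_MARKERS = ("(file missing)", "(no file)")


def parse_line(line):
    """Parse one log line into an Entry, or return None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    body = m.group("body")
    if body.endswith(" -"):
        # Nothing after the final dash, like the O16 line in the fix list.
        label, target, dangling = body[:-2], "", True
    else:
        label, sep, target = body.rpartition(" - ")
        if not sep:
            # O4-style lines carry no " - " inside the body.
            label, target = body, ""
        dangling = target.endswith(DANGLING_MARKERS)
    clsid = CLSID_RE.search(body)
    # CLSIDs appear in mixed case in the log, so normalise before grouping.
    return Entry(m.group("section"), label,
                 clsid.group(0).upper() if clsid else None, target, dangling)


def triage(log_text):
    """Return (all entries, dangling entries, repeated CLSID/target groups)."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    dangling = [e for e in entries if e.dangling]
    groups = Counter((e.section, e.clsid, e.target)
                     for e in entries if e.clsid and not e.dangling)
    repeated = {key: n for key, n in groups.items() if n > 1}
    return entries, dangling, repeated


if __name__ == "__main__":
    entries, dangling, repeated = triage(SAMPLE_LOG)
    print(f"{len(entries)} entries parsed")
    for e in dangling:
        print(f"review  {e.section:<4}{e.label}")
    for (section, clsid, target), n in repeated.items():
        print(f"{n} x {section} entries -> {clsid} {target}")
```
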

Offline tim

  • Full Member
  • ***
  • Posts: 35
    • View Profile
Re: Had enough yesterday
« Reply #41 on: August 09, 2006, 08:19:13 PM »
Heya again! I'm back from Bulgaria again, and while I was gone I dunno what my bro/sister has done to the comp. Anyway, I did what you said, I deleted what you wanted me to delete. Here is a new HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 23:17:51, on 2006-08-09
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\Norton AntiVirus\navapsvc.exe
C:\Program\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program\Creative\SBLive\Diagnostics\diagent.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\Telia\Supportassistent\bin\tgcmd.exe
C:\Program\Macrogaming\SweetIM\SweetIM.exe
C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\iPod\bin\iPodService.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe
C:\Program\Logitech\SetPoint\SetPoint.exe
C:\Program\Delade filer\Logitech\KHAL\KHALMNPR.EXE
C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program\Delade filer\Teleca Shared\Generic.exe
C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: MSN Verktygslåda - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar\01.01.2607.0\sv\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: BitComet¹¤¾ßÀ¸ - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program\BitComet\BitCometBar\BitCometBar0.4.dll
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [diagent] C:\Program\Creative\SBLive\Diagnostics\diagent.exe startup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ALUAlert] @e?\ALUNOTIFY.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program\Telia\Supportassistent\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [HbTools] C:\Program\HbTools\Bin\4.8.0.0\HbtOEAddOn.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program\HbTools\Bin\4.8.0.0\HbtWeatherOnTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LG SyncManager.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Reality Fusion GameCam SE.lnk = ?
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab
O18 - Protocol: bw+0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {9336B966-3C33-47D0-A485-964DEDD95C3E} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod-tjänst (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Offline tim

  • Full Member
  • ***
  • Posts: 35
    • View Profile
Re: Had enough yesterday
« Reply #42 on: August 13, 2006, 10:07:34 AM »
are you there lads and lassies?  :?

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20375
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Had enough yesterday
« Reply #43 on: August 13, 2006, 11:22:36 AM »
Hi, Tim.  Sorry for the delay in responding.

Quote
while I was gone I dunno what my bro/sister has done to the comp.

Does that mean it has returned to "normal" or additional problems?

Please remove the line below with HijackThis.

O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)



Offline tim

  • Full Member
  • ***
  • Posts: 35
    • View Profile
Re: Had enough yesterday
« Reply #44 on: August 16, 2006, 07:42:36 AM »
It means that I don't know whether they've been using f/w while on internet, if they've installed flaky software etc. Tho things seem to be alright with the comp now. I deleted the line you wanted me to. What to do now?