I run Symantec and it says my computer is infected with adware.purityscan. Yet when I follow the instructions for removal, the files do not exist in my registry. Does anyone know how to get rid of this spyware? Any help would be greatly appreciated.
tenaholic1 0 Newbie Poster
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Hi and welcome to Daniweb forums :).
==
Download HijackThis self-extracting zip version from here. Once downloaded, double click on the file & it will install into its own, permanent folder.
Run HijackThis and hit the "Open the Misc Tools Section" button and then the "Open Uninstall Manager" button.
Then hit the "Save List" button. Save to the desktop for easy access. Open the log file and copy the entire list and paste it here please.
===========
Copy the bold text below and paste it into notepad. Save it to your desktop as find.bat and make sure type is set to All Files.
cd\
cd Program Files
DIR /AD /B /P > ProgramFiles.txt
start ProgramFiles.txt
cls
exit
Double click find.bat and let it run for a minute. It will open up a report in notepad. Please copy that text and post it here in your next reply.
tenaholic1 0 Newbie Poster
I am sorry it has taken me so long to respond. Thank you SO much for your help. This problem just will not go away. Here are the results:
Ad-aware 6 Personal
Ad-Aware SE Personal
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 9 ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.0.9
Adobe Shockwave Player
AOL Instant Messenger
Apple Software Update
ArcSoft Camera Suite
a-squared HiJackFree 2.1
AT&T Worldnet Service
AVG Anti-Spyware 7.5
CCleaner (remove only)
Conexant SmartHSFi V92 56K DF PCI Modem
Dell Digital Jukebox Driver
Dell Picture Studio - Dell Image Expert
Dell Solution Center
DellSupport
Digital Line Detect
DING!
DVDSentry
Easy CD Creator 5 Basic
Eusing Free Registry Cleaner
FreeFixer
FreeMind
GdiplusUpgrade
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
Gpower 2.0i
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
HP Extended Capabilities 6.1
HP Imaging Device Functions 6.1
HP Photosmart Essential
HP PSC & OfficeJet 6.1.A
HP Solution Center and Imaging Support Tools 6.1
HP Update
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
InterActual Player
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java(TM) SE Runtime Environment 6 Update 1
LiveUpdate 3.0 (Symantec Corporation)
Logitech Desktop Messenger
Logitech Mobile Video
MedCalc
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Windows Journal Viewer
Modem Helper
Move Networks Player for Firefox
Mozilla Firefox (2.0.0.3)
MSN Messenger 6.0
MSXML 4.0 SP2 (KB927978)
Musicmatch® Jukebox
NetWaiting
Norton™ Security Scan
NVIDIA Windows 2000/XP Display Drivers
Paint Shop Pro 7
PhotoMontage 1.0 SE
Picasa 2
PowerDVD
QuickTime
R for Windows 2.4.1
RealPlayer
Rhapsody Player Engine
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows XP (KB925902)
Skype 3.1
Skype Plugin Manager
Spybot - Search & Destroy 1.4
SpyCatcher Express 2007
SpywareBlaster v3.5.1
StartUp Manager
Symantec AntiVirus
Update for Windows XP (KB929338)
Viewpoint Media Player
Wal-Mart Music Downloads Store
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 2
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Toolbar
a-squared HiJackFree
Adobe
AIM
AIM Toolbar
AOD
Apple Software Update
ArcSoft
AT&T
AWS
BillP Studios
CCleaner
Common Files
ComPlus Applications
CONEXANT
CyberLink
DC++
Dell
Dell Computer
DellSupport
Digital Line Detect
directx
Eusing Free Registry Cleaner
FreeFixer
FreeMind
Google
Gpower
Grisoft
HighMAT CD Writing Wizard
HP
INAC
InstallShield Installation Information
Intel
InterActual
Internet Explorer
iPod
iTunes
Jasc Software Inc
Java
Lavasoft
Logitech
McAfee
MedCalc
Messenger
Microsoft ActiveSync
Microsoft AntiSpyware
microsoft frontpage
Microsoft Office
Microsoft Visual Studio
Modem Helper
Movie Maker
Mozilla Firefox
MSN
MSN Gaming Zone
MSN Messenger
MSXML 4.0
MUSICMATCH
NCH Swift Sound
NetMeeting
NetWaiting
Norton Security Scan
nrpn
Online Services
Outlook Express
PCFriendly
Picasa2
QuickTime
R
Real
Roxio
Skype
Southwest Airlines
Speed Up Alarm
Spybot - Search & Destroy
SpyCatcher
Spyware Doctor
SpywareBlaster
STOPzilla!
Symantec
Symantec AntiVirus
Symantec_Client_Security
The Weather Channel
Trend Micro
Uninstall Information
Viewpoint
Wal-Mart Music Downloads Store
WinAce
Windows Defender
Windows Journal Viewer
Windows Media Player
Windows NT
WindowsUpdate
XEROX
Yahoo!
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Viewpoint Manager is considered to be foistware, rather than malware, since it is installed without users' approval, but doesn't spy or do anything "bad". Please read this article: http://www.clickz.com/news/article.php/3561546
I suggest that you remove the program. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
Viewpoint
Viewpoint Manager
Viewpoint Media Player
=====
You never posted a HijackThis log.
tenaholic1 0 Newbie Poster
Thanks for your help. Here is my hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 10:34:50 PM, on 5/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SpyCatcher\Protector.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\a-squared HiJackFree\a2hijackfree.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\Erin Fleming\Desktop\HijackThis.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\R\R-2.4.1\bin\Rgui.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] c:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpyCatcher Reminder] C:\Program Files\SpyCatcher\SpyCatcher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.worldnet.att.net
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?319
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Protocol: bw+0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: secuload.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - c:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - c:\Program Files\Symantec AntiVirus\Rtvscan.exe
tenaholic1 0 Newbie Poster
StartupList report, 5/3/2007, 11:24:11 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Erin Fleming\Desktop\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16414)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SpyCatcher\Protector.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\Erin Fleming\Desktop\HijackThis.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\R\R-2.4.1\bin\Rgui.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\notepad.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\Erin Fleming\Start Menu\Programs\Startup]
DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MMTray = "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
ISUSPM Startup = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
Picasa Media Detector = C:\Program Files\Picasa2\PicasaMediaDetector.exe
HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
ccApp = "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
vptray = c:\PROGRA~1\SYMANT~2\VPTray.exe
ISUSScheduler = "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
MimBoot = C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
Windows Defender = "C:\Program Files\Windows Defender\MSASCui.exe" -hide
!AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
SpyCatcher Reminder = C:\Program Files\SpyCatcher\SpyCatcher.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
AIM = C:\Program Files\AIM\aim.exe -cnetwait.odl
DellSupport = "C:\Program Files\DellSupport\DSAgnt.exe" /startup
swg = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=secuload.dll
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\ssmypics.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670}
(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\SpyCatcher\SCActiveBlock.dll - {0A87E45F-537A-40B4-B812-E2544C21A09F}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
--------------------------------------------------
Enumerating Task Scheduler jobs:
AppleSoftwareUpdate.job
ISP signup reminder 1.job
MP Scheduled Scan.job
Norton Security Scan.job
--------------------------------------------------
Enumerating Download Program Files:
[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab
[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
[YInstStarter Class]
InProcServer32 = C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll
CODEBASE = C:\Program Files\Yahoo!\Common\yinsthelper.dll
[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
[Shutterfly Picture Upload Plugin]
InProcServer32 = C:\WINDOWS\DOWNLO~1\SFUPLO~1.OCX
CODEBASE = http://web1.shutterfly.com/downloads/Uploader.cab
[{B9191F79-5613-4C76-AA2A-398534BB8999}]
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
[iTunesDetector Class]
InProcServer32 = C:\Program Files\iTunes\ITDetector.ocx
CODEBASE = http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
[QDiagHUpdateObj Class]
InProcServer32 = C:\WINDOWS\System32\qdiagh.ocx
CODEBASE = http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?319
[IWinAmpActiveX Class]
InProcServer32 = C:\Program Files\Common Files\Nullsoft\ActiveX\2.0\AmpX.dll
CODEBASE = http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = *Registry value not found*
Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\Config.Msi\4cea696.rbf||c:\program files\viewpoint\viewpoint media player\AxMetaStream.dll|||v
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
End of report, 11,119 bytes
Report generated in 0.407 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
tenaholic1 0 Newbie Poster
Logfile of HijackThis v1.99.1
Scan saved at 10:34:50 PM, on 5/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SpyCatcher\Protector.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\a-squared HiJackFree\a2hijackfree.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\Erin Fleming\Desktop\HijackThis.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\R\R-2.4.1\bin\Rgui.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] c:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpyCatcher Reminder] C:\Program Files\SpyCatcher\SpyCatcher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.worldnet.att.net
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?319
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Protocol: bw+0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {F9D1528A-4BD7-47C8-ABA0-8AFCC79B9C11} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: secuload.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - c:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - c:\Program Files\Symantec AntiVirus\Rtvscan.exe
tenaholic1 0 Newbie Poster
I still get the pop ups after removing Viewpoint from my computer. I have posted my hijackthis log so hopefully you can help me fix it. Thanks so much!
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Sorry for the late reply. I only just got the email notification of your reply.
Please go to Jotti's or to virustotal and have this file scanned. Post the results back here.
secuload.dll
You will have to search for it. It is likely to be in the C:\WINDOWS\system32 folder.
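The file named above appears in the posted HijackThis log on the `O20 - AppInit_DLLs` line, and a DLL listed in that registry value is loaded into every process that loads user32.dll. The script below is an added illustration, not part of the original posts or of HijackThis: it parses HijackThis entry lines and lists the ones worth a closer look. The three flagging rules are assumptions chosen for this example, and the sample lines are copied from the log in this thread.

```python
import re

# Sample input: a few entry lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: secuload.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O20 - AppInit_DLLs: x.dll".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse_entries(text):
    """Return a list of (code, body) tuples for every entry line in the log."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def triage(entries):
    """Return (code, reason, body) for entries matching the example rules.

    The rules are illustrative heuristics (assumptions of this example).
    A flagged entry is a candidate for review, not a verdict.
    """
    flagged = []
    for code, body in entries:
        # Rule 1: a non-empty AppInit_DLLs value means a DLL is injected
        # into every process that loads user32.dll.
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1].strip()
            if value:
                flagged.append((code, "AppInit_DLLs is set: " + value, body))
        # Rule 2: the registry still references a file that is not on disk.
        if "(file missing)" in body:
            flagged.append((code, "registered file is missing", body))
        # Rule 3: a service for which HijackThis shows no vendor name.
        if code == "O23" and " - Unknown owner - " in body:
            flagged.append((code, "service with unknown owner", body))
    return flagged


if __name__ == "__main__":
    for code, reason, body in triage(parse_entries(SAMPLE_LOG)):
        print(f"{code}: {reason}\n    {body}")
```
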
tenaholic1 0 Newbie Poster
Thanks for all your help. This is what the scan found:
AhnLab-V3 2007.5.7.1 05.07.2007 no virus found
AntiVir 05.07.2007 no virus found
Authentium 4.93.8 05.07.2007 no virus found
Avast 4.7.997.0 05.07.2007 no virus found
AVG 7.5.0.467 05.07.2007 no virus found
BitDefender 7.2 05.07.2007 no virus found
CAT-QuickHeal 9.00 05.07.2007 no virus found
ClamAV devel-20070416 05.07.2007 no virus found
DrWeb 4.33 05.07.2007 no virus found
eSafe 7.0.15.0 05.07.2007 no virus found
eTrust-Vet 30.7.3616 05.07.2007 no virus found
Ewido 4.0 05.07.2007 no virus found
FileAdvisor 1 05.07.2007 no virus found
Fortinet 2.85.0.0 05.07.2007 no virus found
F-Prot 4.3.2.48 05.07.2007 no virus found
F-Secure 6.70.13030.0 05.07.2007 no virus found
Ikarus T3.1.1.7 05.07.2007 no virus found
Kaspersky 4.0.2.24 05.07.2007 no virus found
McAfee 5025 05.07.2007 no virus found
Microsoft 1.2503 05.07.2007 no virus found
NOD32v2 2247 05.07.2007 no virus found
Norman 5.80.02 05.07.2007 no virus found
Panda 9.0.0.4 05.07.2007 no virus found
Prevx1 V2 05.07.2007 no virus found
Sophos 4.17.0 05.05.2007 no virus found
Sunbelt 2.2.907.0 05.05.2007 no virus found
Symantec 10 05.07.2007 no virus found
TheHacker 6.1.6.108 05.06.2007 no virus found
VBA32 3.11.4 05.07.2007 no virus found
VirusBuster 4.3.7:9 05.07.2007 no virus found
Webwasher-Gateway 6.0.1 05.07.2007 no virus found
Aditional Information
File size: 169544 bytes
MD5: b67b10bc913df73b15a95971c9933e72
SHA1: 4a76a32c68fb146a1f2029a6d8462dfb9642b0b6
VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
1. Download this file from one of the following links:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
tenaholic1 0 Newbie Poster
Here is the log:
2007-05-07 12:25 28,672 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\CO_Mon.sys
2007-05-07 12:24 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-05-07 11:00 <DIR> d-------- C:\Program Files\VirusTotalUploader
2007-05-06 19:06 <DIR> d-------- C:\VundoFix Backups
2007-05-03 09:36 <DIR> d-------- C:\Program Files\QuickTime
2007-05-02 01:13 <DIR> d-------- C:\DOCUME~1\ERINFL~1\APPLIC~1\Tenebril
2007-05-02 00:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tenebril
2007-04-30 11:31 <DIR> d-------- C:\Program Files\a-squared HiJackFree
2007-04-30 11:24 40,960 --a-s---- C:\WINDOWS\SYSTEM32\ProcessKiller.dll
2007-04-30 11:24 180,224 --a-s---- C:\WINDOWS\SYSTEM32\archlib.dll
2007-04-30 11:24 169,544 --a-s---- C:\WINDOWS\SYSTEM32\SecuLoad.dll
2007-04-30 11:24 1,130,568 --a-s---- C:\WINDOWS\SYSTEM32\Protector.dll
2007-04-30 11:24 <DIR> d-------- C:\WINDOWS\SYSTEM32\tenarchlib
2007-04-30 11:24 <DIR> d-------- C:\Program Files\SpyCatcher
2007-04-30 11:11 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2007-04-30 01:04 <DIR> d-------- C:\DOCUME~1\ERINFL~1\APPLIC~1\ourTunes
2007-04-25 21:56 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-04-24 20:41 <DIR> d-------- C:\Program Files\Norton Security Scan
2007-04-22 22:00 <DIR> d--h----- C:\DOCUME~1\ERINFL~1\APPLIC~1\Move Networks
2007-04-11 01:34 <DIR> d-------- C:\Program Files\DellSupport
2007-04-09 23:36 <DIR> d-------- C:\DOCUME~1\ERINFL~1\APPLIC~1\WinPatrol
2007-04-09 23:35 <DIR> d-------- C:\Program Files\BillP Studios
2007-04-09 23:27 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-04-09 23:08 <DIR> d-------- C:\DOCUME~1\ERINFL~1\APPLIC~1\Talkback
2007-04-09 01:54 <DIR> d-------- C:\DOCUME~1\ERINFL~1\APPLIC~1\INAC
2007-04-09 01:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\INAC
2007-04-09 01:42 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-04-08 19:58 <DIR> d-------- C:\Program Files\FreeFixer
2007-04-08 17:17 <DIR> d-------- C:\Program Files\Windows Defender
2007-04-08 17:00 <DIR> d-------- C:\DOCUME~1\ERINFL~1\APPLIC~1\Lavasoft
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-07 17:27:37 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-05-06 01:46:51 -------- d-----w C:\DOCUME~1\ERINFL~1\APPLIC~1\Skype
2007-05-05 19:58:13 -------- d-----w C:\Program Files\Symantec AntiVirus
2007-04-26 03:56:58 -------- d-----w C:\Program Files\Skype
2007-04-16 03:21:01 -------- d-----w C:\Program Files\HP
2007-04-12 05:24:27 -------- d-----w C:\DOCUME~1\ERINFL~1\APPLIC~1\Image Zone Express
2007-04-11 13:19:17 -------- d--h--w C:\DOCUME~1\ERINFL~1\APPLIC~1\GTek
2007-04-08 22:58:23 -------- d-----w C:\Program Files\Lavasoft
2007-04-08 22:55:57 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-04-04 00:26:59 67,645 ----a-w C:\WINDOWS\system32\drivers\pshook11.sys
2007-04-04 00:26:40 -------- d-----w C:\Program Files\INAC
2007-04-03 13:19:24 -------- d-----w C:\Program Files\Viewpoint
2007-04-03 06:22:17 -------- d-----w C:\Program Files\AWS
2007-03-30 16:28:53 -------- d-----w C:\DOCUME~1\ERINFL~1\APPLIC~1\WeatherBug
2007-03-25 02:58:00 -------- d-----w C:\Program Files\iTunes
2007-03-25 02:57:49 -------- d-----w C:\Program Files\iPod
2007-03-20 15:10:29 -------- d-----w C:\DOCUME~1\ERINFL~1\APPLIC~1\AdobeUM
2007-03-15 17:23:16 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll
2007-03-15 17:19:58 526,184 ----a-w C:\WINDOWS\system32\XceedCry.dll
2007-03-15 16:07:08 -------- d-----w C:\Program Files\Picasa2
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"="C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll"
"{0A87E45F-537A-40B4-B812-E2544C21A09F}"="C:\Program Files\SpyCatcher\SCActiveBlock.dll"
"{53707962-6F74-2D53-2644-206D7942484F}"="C:\PROGRA~1\SPYBOT~1\SDHelper.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll"
"{AA58ED58-01DD-4d91-8333-CF10577473F7}"="c:\program files\google\googletoolbar2.dll"
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"="C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MMTray"="\"C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe\""
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="c:\\PROGRA~1\\SYMANT~2\\VPTray.exe"
"ISUSScheduler"="\"C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\issch.exe\" -start"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mimboot.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SpyCatcher Reminder"="C:\\Program Files\\SpyCatcher\\SpyCatcher.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"fimq"="C:\\PROGRA~1\\COMMON~1\\fimq\\fimqm.exe"
"CU2"="C:\\Program Files\\Common Files\\VCClient\\VCMain.exe"
"CU1"="C:\\Program Files\\Common Files\\VCClient\\VCClient.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="secuload.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^america online 8.0 tray icon.lnk
C:\PROGRA~1\AMERIC~1.0\aoltray.exe -check
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^digital line detect.lnk
C:\PROGRA~1\DIGITA~1\DLG.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^logitech desktop messenger.lnk
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe /start
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^microsoft office.lnk
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adaptecdirectcd
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aim
C:\Program Files\AIM\aim.exe -cnetwait.odl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe
C:\WINDOWS\System32\ctfmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\digstream
C:\Program Files\DIGStream\digstream.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvdsentry
C:\WINDOWS\System32\DSentry.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ldm
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtray
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvcpldaemon
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvmediacenter
RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
nwiz.exe /install
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\taskmon
C:\WINDOWS\System32\taskmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbellexe
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HTTPFilter HTTPFilter\0\0
DcomLaunch DcomLaunch\0TermService\0\0
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48fa3e76-88a8-11da-9c1d-00038a000015}]
Shell\AutoRun\command F:\setupSNK.exe
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton Security Scan.job
********************************************************************
detected NTDLL code modification:
ZwQueryDirectoryFile
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-08 23:52:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 2007-05-09 0:10:20 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-09 00:10
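An added triage example, not part of the original post and not ComboFix's own code: it reads the file listing and the `appinit_dlls` load point from a log shaped like the one above, ties the DLL named there to its file on disk, and lists what else appeared in the same minute, so the size can be checked against the "File size" of the scan result. The sample lines are a constructed excerpt of the log and the function names are hypothetical.

```python
import re

# Constructed sample: a few lines in the shape of the ComboFix log posted above.
SAMPLE_LOG = r'''
2007-04-30 11:31 <DIR> d-------- C:\Program Files\a-squared HiJackFree
2007-04-30 11:24 40,960 --a-s---- C:\WINDOWS\SYSTEM32\ProcessKiller.dll
2007-04-30 11:24 180,224 --a-s---- C:\WINDOWS\SYSTEM32\archlib.dll
2007-04-30 11:24 169,544 --a-s---- C:\WINDOWS\SYSTEM32\SecuLoad.dll
2007-04-30 11:24 1,130,568 --a-s---- C:\WINDOWS\SYSTEM32\Protector.dll
2007-04-30 11:24 <DIR> d-------- C:\WINDOWS\SYSTEM32\tenarchlib
2007-04-30 11:24 <DIR> d-------- C:\Program Files\SpyCatcher
2007-04-30 11:11 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="secuload.dll"
'''

# "date time size-or-<DIR> attributes path" rows of the first file listing only;
# the Find3M section uses a different column order and is not parsed here.
FILE_RE = re.compile(r'^(\d{4}-\d\d-\d\d \d\d:\d\d) (<DIR>|[\d,]+) \S+ (.+)$')
APPINIT_RE = re.compile(r'^"appinit_dlls"="(.*)"$', re.IGNORECASE)

def parse(log):
    """Return (files, appinit): file rows as (stamp, size, path) and DLL names."""
    files, appinit = [], []
    for line in (raw.strip() for raw in log.splitlines()):
        m = FILE_RE.match(line)
        if m:
            stamp, size, path = m.groups()
            size = None if size == '<DIR>' else int(size.replace(',', ''))
            files.append((stamp, size, path))
            continue
        m = APPINIT_RE.match(line)
        if m:
            # The value is a space- or comma-separated list of DLL names.
            appinit += [n for n in re.split(r'[ ,]+', m.group(1)) if n]
    return files, appinit

def correlate(log):
    """Map each AppInit DLL to its file row and to items created the same minute."""
    files, appinit = parse(log)
    report = {}
    for dll in appinit:
        for stamp, size, path in files:
            if path.rsplit('\\', 1)[-1].lower() == dll.lower():
                same = [p for s, _, p in files if s == stamp and p != path]
                report[dll] = {'path': path, 'size': size,
                               'created': stamp, 'same_minute': same}
    return report
```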