Free Space Decreasing..

Unknown · April 2007

well my free space on my comp is decreasing all the time (only on disk C -> the system disk) untill it reaches 0 bytes...
now when I check the size of my documents and settings its 4.07 Gigas but when I check the whole size of hte folders inside it it stands for 8.67 gigas.... my pagefile is on disk C and it takes about 1.2 gigas (which are also missing pointing that the missing space in documents and setting is not being used for the page file) ... (btw I can see all the hidden folders) + when I cound how many files I have in my D&S direction it stands on 25k+ but when I count all the files in it (selecting all the folders) it stands on 24k only....
I must add that this problem started 2 days ago and I thought it to be a problem caused by "Brave Sentry" which was removed yesterday....another thing to add is that my CPU is ALWAYS on more that 60%!! and it never been that much (only when running games)...
please help me NOD32 hasnt detected a thing not did adaware (it did detect a trojan named "matrixhasyou" or something similar....but it was deleted..

please help..
I add the Hijackthis log :

I cant upload it because there are insufficiant system resources to open this 25kb txt file (lol)
ill add it after Ill restart my comp.

Logfile of HijackThis v1.99.1
Scan saved at 3:57:26 PM, on 4/8/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\drwtsn32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aaotracker.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
O1 - Hosts: 212.179.139.140 localhost
O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - (no file)
O2 - BHO: Sahaj Toolbar - {eb4e526b-68d5-4728-ae18-a1fe66dcd69e} - C:\Program Files\Sahaj\tbSaha.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Sahaj Toolbar - {eb4e526b-68d5-4728-ae18-a1fe66dcd69e} - C:\Program Files\Sahaj\tbSaha.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "E:\myprograms_sasha\quicktime6\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: Morpheus.lnk = D:\Program Files\Morpheus\Morpheus.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ABBYY Lingvo 6.0 Launcher.lnk = E:\MyPrograms_Sasha\Lingo6\LvAgent.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Download All Links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {346685E3-C383-11CF-A5A4-00AA00A45705} (ActiveX Control) - http://imd.gonext.co.il/gonext/zazabox/pc/SISActiveX.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {51C98AC0-31D3-4049-B659-24389E0D94E3} (TCM3Control Control) - http://video.icellcom.co.il/TCM3Viewer.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5B9E8E95-D236-4C6B-9BD6-0C6994A75FBC} (MvRec Class) - http://coolmail.nana.co.il/webmail/plugin/mvrecord.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} - http://install.wildtangent.com/cda/islandrally/ActiveLauncher/ActiveLauncherSetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4players.de/LaunchGame.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4362/mcfscan.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://www.tukati.com/software/4/1.7.20.20/tukati.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab40641.cab
O18 - Protocol: bw+0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

+ another thing ... NOD32 has suddently detected win32\spy.goldun.naz trojan in a file in system32 --> msvcrl.dll which was deleted and now IE wouldnt start.
thanks for helping

peku006 · April 2007

Hi Dave32 and welcome to Short-Media. I'm checking your log, so please be patient.

peku006 · April 2007

Hi Dave32

Please download SDFix and save it to your Desktop.

Please then reboot your computer in Safe Mode by doing the
following :
* Restart your computer
* After hearing your computer beep once during startup, but before the
Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.
* In Safe Mode, right click the SDFix.zip folder and choose Extract All,

* Open the extracted folder and double click RunThis.bat to
start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the
registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer that normal to restart as the fixtool
will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and
display Finished, then press any key to end the script and load
your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the
contents of the results file Report.txt back onto the forum with
a new HijackThis log

Dave32 · April 2007

Thanks for answering soo quickly!
Well I couldnt load Windows because of insufficiant system recourses to load API or something like this soo now im using some boot software made by "DIGIWIZ" which is called "MiniPE2-XP" ...Im currently running some Antivirus programs such as Norton and some unknown to me A2 scanner (found 6 malware so far)...
I will download SDfix in a moment.
Thanks for helping

Dave32 · April 2007

Hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 10:58:44 AM, on 4/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
E:\myprograms_sasha\quicktime6\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Messenger\msmsgs.exe
E:\MyPrograms_Sasha\Lingo6\LvAgent.exe
E:\MyPrograms_Sasha\Explorers\Firefox\firefox.exe
D:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aaotracker.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - (no file)
O2 - BHO: Sahaj Toolbar - {eb4e526b-68d5-4728-ae18-a1fe66dcd69e} - C:\Program Files\Sahaj\tbSaha.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Sahaj Toolbar - {eb4e526b-68d5-4728-ae18-a1fe66dcd69e} - C:\Program Files\Sahaj\tbSaha.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "E:\myprograms_sasha\quicktime6\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: Morpheus.lnk = D:\Program Files\Morpheus\Morpheus.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ABBYY Lingvo 6.0 Launcher.lnk = E:\MyPrograms_Sasha\Lingo6\LvAgent.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Download All Links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {346685E3-C383-11CF-A5A4-00AA00A45705} (ActiveX Control) - http://imd.gonext.co.il/gonext/zazabox/pc/SISActiveX.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {51C98AC0-31D3-4049-B659-24389E0D94E3} (TCM3Control Control) - http://video.icellcom.co.il/TCM3Viewer.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5B9E8E95-D236-4C6B-9BD6-0C6994A75FBC} (MvRec Class) - http://coolmail.nana.co.il/webmail/plugin/mvrecord.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} - http://install.wildtangent.com/cda/islandrally/ActiveLauncher/ActiveLauncherSetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4players.de/LaunchGame.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4362/mcfscan.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://www.tukati.com/software/4/1.7.20.20/tukati.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab40641.cab
O18 - Protocol: bw+0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe (file missing)
O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
O23 - Service: McAfee Protection Manager (mcpromgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe (file missing)
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mctskshd.exe (file missing)
O23 - Service: McAfee User Manager (mcusrmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

Dave32 · April 2007

I cant send the SDfix one because I get a messege:
"You are not allowed to post links yet. Please send a private message to General Keebler if you have any questions."

soo Ill attach it ...

+ now the free disk spce isnt decreecing !! (Yay) BUT its stuck on 20 MB ...
when I was in the DIGIWIZ system it showed 1 gb...
and I still have the same problem with the Documents and settings folder.

peku006 · April 2007

Hi Dave32

Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O16 - DPF: {346685E3-C383-11CF-A5A4-00AA00A45705} (ActiveX Control) - http://imd.gonext.co.il/gonext/zazabox/pc/SISActiveX.cab
O16 - DPF: {51C98AC0-31D3-4049-B659-24389E0D94E3} (TCM3Control Control) - http://video.icellcom.co.il/TCM3Viewer.cab
O16 - DPF: {5B9E8E95-D236-4C6B-9BD6-0C6994A75FBC} (MvRec Class) - http://coolmail.nana.co.il/webmail/plugin/mvrecord.cab
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} - http://install.wildtangent.com/cda/islandrally/ActiveLauncher/ActiveLauncherSetu p.cab
O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4players.de/LaunchGame.cab

Close ALL open windows
Click Fix Checked
Close HiajckThis

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
This program is for XP and Windows 2000 only!

Double-click ATF Cleaner.exe to open it.
Under Main select the following:
* Windows Temp
* Current User Temp
* All Users Temp
* Temporary Internet Files
* Prefetch
* Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
Click Exit on the Main menu to close the program.

Print out these instructions or save them with notepad or Word

Your log seems to be clean. To make sure, please download AVG Anti-Spyware to your desktop. When ready, do following:

Start AVG Anti-Spyware
Click the Update icon
Click Start update
Wait until updates are downloaded
Click the Scanner icon
Open the Settings tab
- Make sure that under "How to act?" read Quarantine
  (If not, click the text and choose Quarantine)
- Under "How to scan?" all checkboxes should be ticked
- Under "Reports" select Automatically generate report after every scan
  and uncheck Only if threats were found
- Under "What to scan?" select Scan every file
Click the Shield icon
Under the "Resident shield is" click active to make it inactive
Close AVG Anti-Spyware

=========================================
Reboot to safe mode

If the computer is running, shut down Windows, and then turn off the power
Wait 30 seconds, and then turn the computer on
Start tapping the F8 key
The Windows Advanced Options Menu appears
Ensure that the Safe Mode option is selected
Press Enter. The computer then begins to start in Safe mode
Login on your usual account

=========================================

Close all open windows / programs / folders
Start AVG Anti-Spyware
Click the Scanner icon
Click Complete System Scan
Let the program scan the machine
When the scan has finished, follow the instructions below
- Make sure that under "Set all elements to" read Quarantine
  (If not, click the text and choose Quarantine)
- Click Apply all actions
- Click Save Report
- Click Save reports as
- Save report to your Desktop

=========================================

Download Deckard's System Scanner to your Desktop.

* Close all applications and windows.
* Double-click on Dss.exe to run it, and follow the prompts.
* The scan may take a minute. When the scan is complete, a text file will open - Main.txt and extra.txt

Post fresh HijackThis log , Dss Main.txt and extra.txt the AVG Anti-Spyware report:)

Dave32 · April 2007

thanks for helping ill do that right now ... what I have noticed is a large numbers of about a giga each in the next folder (it makes the system think there are 130 giga uses [and I have only 0 giga on that partition])
C:\Documents and Settings\Dave\Local Settings\Temp\nsc4.tmp

the names are weird (not english ....)

Dave32 · April 2007

AVG Anti-Spyware - Scan Report

+ Created at: 6:15:08 PM 4/10/2007
+ Scan result:

HKU\.DEFAULT\Software\salm -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\salm -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-1060284298-1425521274-1801674531-1010\Software\salm -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Altnet -> Adware.Altnet : Error during cleaning.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-1060284298-1425521274-1801674531-1010\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\PerfectNav -> Adware.KeenValue : Cleaned with backup (quarantined).
C:\Program Files\Windows TaskAd -> Adware.WinTaskAd : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\LQ -> Dialer.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\LQ -> Dialer.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1060284298-1425521274-1801674531-1010\Software\LQ -> Dialer.Generic : Cleaned with backup (quarantined).
D:\My Downloads\Internet[1].Download.Manager.v5.05.patch..by.Extreme.Team.rar/internet.download.manager.v.5.05-patch.exe -> Downloader.Delf.aup : Cleaned with backup (quarantined).
D:\My Downloads\Crack\httpprotocol.dll -> Downloader.Small : Cleaned with backup (quarantined).
D:\Program Files\eDonkey2000\Incoming\Messenger.Plus.[L10Network.Net].exe/Sponsor.exe -> Downloader.Swizzor.bt : Cleaned with backup (quarantined).
C:\WINDOWS\system32\appwiz.dll -> Logger.Goldun.bw : Cleaned with backup (quarantined).
C:\Documents and Settings\Dave\Desktop\BF2\Battlefield.2.KeyManager.[L1(o)Network.net]\onceisenough.exe -> Not-A-Virus.HackTool.Win32.Ares.a : Cleaned with backup (quarantined).
D:\Program Files\eDonkey2000\Incoming\Battlefield.2.KeyManager.[L1(o)Network.net].zip/onceisenough.exe -> Not-A-Virus.HackTool.Win32.Ares.a : Cleaned with backup (quarantined).
D:\Program Files\eDonkey2000\Incoming\Battlefield.2.KeyManager.[L1(o)Network.net]\onceisenough.exe -> Not-A-Virus.HackTool.Win32.Ares.a : Cleaned with backup (quarantined).
C:\WINDOWS\update\start.exe -> Not-A-Virus.NetTool.Win32.CalcSETI@Home.c : Cleaned with backup (quarantined).
:mozilla.139:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\no5uv3z4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.140:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\no5uv3z4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.141:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\no5uv3z4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dave\Local Settings\Temp\Cookies\dave@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dave\Local Settings\Temp\Cookies\dave@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.143:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\no5uv3z4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.145:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\no5uv3z4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.18:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\no5uv3z4.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.8:C:\Documents and Settings\Dave\Application Data\Mozilla\Profiles\default\90uyughz.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.11:C:\Documents and Settings\Sasha\Application Data\Mozilla\Profiles\default\jf0842x2.slt\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.11:D:\Document and settings\Sasha\Application Data\Mozilla\Profiles\default\jf0842x2.slt\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.63:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\no5uv3z4.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.65:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\no5uv3z4.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.70:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\no5uv3z4.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
D:\Document and settings\Sasha\Cookies\sasha@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
D:\Document and settings\Sasha\Cookies\sasha@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Dave\Local Settings\Temp\Cookies\dave@com[1].txt -> TrackingCookie.Com : Cleaned.
D:\Document and settings\Sasha\Cookies\sasha@com[1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.68:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\no5uv3z4.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.134:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\no5uv3z4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.135:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\no5uv3z4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.136:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\no5uv3z4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dave\Local Settings\Temp\Cookies\dave@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned.
D:\Document and settings\Sasha\Cookies\sasha@komtrack[2].txt -> TrackingCookie.Komtrack : Cleaned.
:mozilla.57:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\no5uv3z4.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.6:C:\Documents and Settings\Sasha\Application Data\Mozilla\Profiles\default\jf0842x2.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.6:D:\Document and settings\Sasha\Application Data\Mozilla\Profiles\default\jf0842x2.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.84:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\no5uv3z4.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.85:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\no5uv3z4.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.144:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\no5uv3z4.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.146:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\no5uv3z4.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.147:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\no5uv3z4.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.148:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\no5uv3z4.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Dave\Local Settings\Temp\Cookies\dave@specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Dave\Local Settings\Temp\Cookies\dave@spylog[2].txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.12:C:\FOUND.000\FILE0001.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.58:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\no5uv3z4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.59:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\no5uv3z4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.60:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\no5uv3z4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.61:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\no5uv3z4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.62:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\no5uv3z4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.66:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\no5uv3z4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
D:\Document and settings\Sasha\Cookies\sasha@ad.text.tbn[1].txt -> TrackingCookie.Texttbnru : Cleaned.
:mozilla.10:C:\Documents and Settings\Sasha\Application Data\Mozilla\Profiles\default\jf0842x2.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.10:D:\Document and settings\Sasha\Application Data\Mozilla\Profiles\default\jf0842x2.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.64:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\no5uv3z4.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Dave\Local Settings\Temp\Cookies\dave@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
D:\Document and settings\Sasha\Cookies\sasha@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.15:C:\Documents and Settings\Sasha\Application Data\Mozilla\Profiles\default\jf0842x2.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.15:D:\Document and settings\Sasha\Application Data\Mozilla\Profiles\default\jf0842x2.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.16:C:\Documents and Settings\Sasha\Application Data\Mozilla\Profiles\default\jf0842x2.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.16:D:\Document and settings\Sasha\Application Data\Mozilla\Profiles\default\jf0842x2.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.17:C:\Documents and Settings\Sasha\Application Data\Mozilla\Profiles\default\jf0842x2.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.17:D:\Document and settings\Sasha\Application Data\Mozilla\Profiles\default\jf0842x2.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.18:C:\Documents and Settings\Sasha\Application Data\Mozilla\Profiles\default\jf0842x2.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.18:D:\Document and settings\Sasha\Application Data\Mozilla\Profiles\default\jf0842x2.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.19:C:\Documents and Settings\Sasha\Application Data\Mozilla\Profiles\default\jf0842x2.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.19:D:\Document and settings\Sasha\Application Data\Mozilla\Profiles\default\jf0842x2.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Dave\Local Settings\Temp\Cookies\dave@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.

::Report end

Dave32 · April 2007

Deckard's System Scanner v20070328.36
Extra logfile - please post this as an attachment with your post.

-- System Information

Microsoft Windows XP Professional (build 2600) SP 1.0
Architecture: X86; Language: English
CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of Memory in Use: 58%
Physical Memory (total/avail): 510.67 MiB / 212.54 MiB
Pagefile Memory (total/avail): 1503.57 MiB / 1206.88 MiB
Virtual Memory (total/avail): 2047.88 MiB / 2003.09 MiB
A: is Removable (Unformatted)
C: is Fixed (FAT32) - 9.76 GiB total, 0.16 GiB free.
D: is Fixed (FAT32) - 34.49 GiB total, 7.6 GiB free.
E: is Fixed (FAT32) - 30.25 GiB total, 3.17 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is Fixed (NTFS) - 18.64 GiB total, 3.39 GiB free.

-- Security Center

AUOptions is disabled.
AUState says computer has updates disabled.
Windows Internal Firewall is enabled.

-- Environment Variables

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Dave\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Dave
LOGONSERVER=\\HOME
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;E:\myprograms_sasha\quicktime6\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0205
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Dave\LOCALS~1\Temp
TMP=C:\DOCUME~1\Dave\LOCALS~1\Temp
USERDOMAIN=HOME
USERNAME=Dave
USERPROFILE=C:\Documents and Settings\Dave
windir=C:\WINDOWS

-- User Profiles

Sasha (admin)
David_2 (admin)
Dave (admin)
Administrator (admin)
Guest (guest, profile directory not found)

-- Add/Remove Programs

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 7.0 Professional Edition --> MsiExec.exe /I{AAF70000-22B9-4CE9-98D6-2CCF359BAC07}
ABBYY Lingvo 6.0 --> C:\WINDOWS\bitdeins.exe E:\MYPROG~1\Lingo6\bitdeins.ini
Ad-Aware SE Professional --> C:\PROGRA~1\LAVASOFT\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~2\INSTALL.LOG
Adobe Acrobat 6.0 Professional --> MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
Adobe Download Manager 1.2 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Reader Japanese Fonts --> MsiExec.exe /I{AC76BA86-7AD7-5A76-5A64-7E8A45000001}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AIM Pro --> MsiExec.exe /X{D3A04D2F-28C4-4D9C-8487-DAB75992AE09}
All To MP3 Converter 1.4.3 --> "D:\Program Files\All To MP3 Converter\unins000.exe"
AltoMP3 Gold 5.06 --> "D:\Program Files\AltoMP3 Gold\unins000.exe"
America's Army --> MsiExec.exe /I{6778954C-13C2-4333-AF77-F5C885EB280F}
AnalyzeForSpeed --> MsiExec.exe /I{66A9D31F-D7FB-43E6-9DE3-6E30D7F62604}
AOL Instant Messenger --> D:\Program Files\AIM\uninstll.exe -LOG= D:\Program Files\AIM\install.log -OEM=
Apple Software Update --> MsiExec.exe /I{5B433733-BB31-4B40-BCBA-DDED37626641}
AudibleManager --> C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
AVG Anti-Spyware 7.5 --> C:\Documents and Settings\Dave\Desktop\AVG\AVG Anti-Spyware 7.5\Uninstall.exe
BCM Diagnostics Pro --> C:\PROGRA~1\BCMDIA~1\bcmrmv.exe -W"BCM System Information Server" -C"BCM HSYSMON WINDOW" -M"C:\WINDOWS\uninst.exe -f|C:\Program Files\BCM Diagnostics Pro\DeIsL1.isu|"
BurnPlugin for Audible --> MsiExec.exe /I{301120E0-45A9-498C-8627-19E7E20EFA3A}
Colorific --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\LightSurf\Colorific\cfmunins.isu" -c"C:\PROGRA~1\LIGHTS~1\COLORI~1\cfmunins.dll" ProdNameColorific
Combat Net Radio --> MsiExec.exe /I{7F56AC95-7C60-4044-8BA9-E7A54AE242D0}
Corel Painter Essentials 2 --> MsiExec.exe /X{B946D46E-1302-48B4-84EE-B74C3191D975}
Crystal Player Professional 1.8 --> D:\Program Files\Crystal Player\Uninstall.exe
Data Access Objects (DAO) 3.5 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Common Files\Microsoft Shared\DAO\Uninst.isu"
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Pro Codec Adware --> C:\WINDOWS\unvise32.exe D:\Program Files\DivX\DivX Pro Codec Adware\UninstalDivXProCodecAdware.log
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVlaD --> C:\WINDOWS\st6unst.exe -n "D:\Program Files\DVlaD\ST6UNST.LOG"
EasyRecovery Professional --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{268723B7-A994-4286-9F85-B974D5CAFC7B} /l1033
eMule --> "D:\Program Files\eMule\Uninstall.exe"
FilePlanet Download Manager 2.1 --> D:\Program Files\FilePlanet\Download Manager\uninst.exe
FlashFXP v3 --> "D:\Program Files\FlashFXP\unins000.exe"
FREE Hi-Q Recorder 1.9 --> "E:\MyPrograms_Sasha\FREE Hi-Q Recorder\unins000.exe"
GMail Drive Shell Extension --> rundll32.exe C:\WINDOWS\system32\ShellExt\GMailFS.dll,Uninstall C:\WINDOWS\system32\ShellExt\GMailFS.inf
gmax --> MsiExec.exe /X{3FA7A919-87DA-42B1-814B-86DE8DCA17C2}
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar5.dll"
Graph 4.1 --> "C:\Program Files\Graph\unins000.exe"
HAOM (Hydra's Army Operations Manager) --> C:\WINDOWS\st6unst.exe -n "D:\Program Files\Kustom Appz Software\HAOM\ST6UNST.LOG"
HAOM (Hydra's Army Operations Manager) (D:\Program Files\Kustom Appz Software\HAOM\) --> C:\WINDOWS\st6unst.exe -n "D:\Program Files\Kustom Appz Software\HAOM\ST6UNST.000"
HijackThis 1.99.1 --> D:\Program Files\HijackThis\HijackThis.exe /uninstall
HP DeskJet 720C Series (Remove only) --> C:\Program Files\HP DeskJet 720C Series v10.3\hpfiui.exe -c -vdivid=HPF -vpnum=14 -vproduct=720C -huninstall
IBM ViaVoice Command and Control Runtime 5.3 - UK English --> C:\ViaVoice\Bin\vunUK.exe ProdRunControl Dc En_UK 'IBM ViaVoice™ Command and Control Runtime' C:\WINDOWS\IsUninst.exe -fC:\ViaVoice\DeIsL1.isu
IconPackager --> D:\PROGRA~1\STARDOCK\OBJECT~1\ICONPA~1\iconpackager.exe /uninstallwise
ICQ 5.1 --> D:\Program Files\ICQLite\ICQLiteUninstall.EXE
InCD (Ahead Software) --> C:\WINDOWS\NuNInst.exe /UNINSTALL
InstallRTC --> MsiExec.exe /X{200F584F-848D-4B6B-B1A1-C74D735F18A4}
Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe
Internet Download Manager --> D:\Program Files\Internet Download Manager\Uninstall.exe
Internet Explorer Update Q816506 --> C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q816506.inf
iPod for Windows 2005-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{44A537A5-859C-43A6-8285-C0668142A090} /l1033
iPod for Windows 2006-01-10 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iPod for Windows 2006-06-28 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
iTunes --> MsiExec.exe /I{5878FF02-3B8F-4309-B4E5-0D3DB6F2E8E6}
Java Web Start --> "C:\Program Files\Java Web Start\uninst-javaws.exe"
K-Lite Codec Pack 2.70 Full --> "E:\MyPrograms_Sasha\K-Lite_Codec\K-Lite Codec Pack\unins000.exe"
Key okey --> "E:\MyPrograms_Sasha\Typing_tutors\keyokey\Key okey\uninstall.exe"
Lion Heart's Codec Pack --> C:\WINDOWS\iun6002.exe "C:\Program Files\Lion Heart's Codec Pack\irunin.ini"
Lion Heart's eMule Plus --> C:\WINDOWS\iun6002.exe "C:\Program Files\eMule\irunin.ini"
Lion Heart's eMule Plus --> C:\WINDOWS\iun6002.exe "D:\Program Files\eMule\irunin.ini"
Logitech ImageStudio --> MsiExec.exe /I{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}
Logitech Print Service --> C:\PROGRA~1\LOGITECH\PRINTS~1\UNWISE.EXE C:\PROGRA~1\LOGITECH\PRINTS~1\INSTALL.LOG
Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
LogonStudio --> D:\PROGRA~1\WINCUS~1\LOGONS~1\UNWISE.EXE D:\PROGRA~1\WINCUS~1\LOGONS~1\INSTALL.LOG
Macromedia Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~2\INSTALL.LOG
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Media Library Management Wizard --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplibwiz.inf,DefaultUninstall
Messenger Plus! Live & Sponsor --> "D:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office XP Hebrew User Interface Pack --> MsiExec.exe /I{901E040D-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Morpheus 5.3 (remove only) --> "D:\Program Files\Morpheus\UninstMorpheus.exe"
Mozilla Firefox (1.0.1) --> C:\WINDOWS\UninstallFirefox.exe /ua "1.0.1 (en-US)"
Mp3 To All Converter V1.37.1 --> "D:\Program Files\Mp3 To All Converter\unins000.exe"
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Nero 6 Ultra Edition --> C:\Program Files\Ahead\Nero\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Netscape (7.02) --> C:\WINDOWS\NSUninst.exe /ua "7.02 (en)"
NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX v2.1 --> "C:\Program Files\Eset\unins000.exe"
NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI
Opera --> E:\MYPROG~1\EXPLOR~1\OPERA\UNINST\UNWISE.EXE E:\MYPROG~1\EXPLOR~1\OPERA\UNINST\INSTALL.LOG
Pack Crystal XP 3.0 --> D:\WINDOWS\Packs\Crystal XP\Uninstall.exe
Plus! MP3 Audio Converter LE --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\audcle.inf,DefaultUninstall
QuickTime --> MsiExec.exe /I{55BF0E5F-EA8E-4C13-A8B4-9E4857F5A2DE}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhinoceros 3.0 Evaluation --> D:\PROGRA~1\RHINOC~1.0EV\System\Unwise.exe D:\PROGRA~1\RHINOC~1.0EV\System\Install.log
River Past Video Cleaner --> C:\WINDOWS\Video Cleaner Uninstaller.exe
Sahaj Toolbar --> C:\PROGRA~1\SAHAJ\UNWISE.EXE C:\PROGRA~1\SAHAJ\INSTALL.LOG
Shockwave --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
SideWinder Force Feedback Wheel (USB) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microsoft Hardware\Game Controllers\Force Feedback Wheel (USB)\Uninst.isu" -c"C:\Program Files\Microsoft Hardware\Game Controllers\Force Feedback Wheel (USB)\Uninstall.dll"
Skype 2.5 --> "D:\Program Files\Skype\Phone\unins000.exe"
SpeechRedist --> MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
SpeedFan (remove only) --> "D:\Program Files\SpeedFan\uninstall.exe"
SuperMemo 2002 (Build: 11.04) --> E:\MyPrograms_Sasha\Supermemo\SM2002\Uninst\unins000.exe
System Requirements Lab --> C:\Program Files\Common Files\SystemRequirementsLab\Uninstall.exe
Tablet --> C:\Program Files\Tablet\Remove.exe /u
TeamSpeak 2 RC2 --> "D:\Program Files\Teamspeak2_RC2\unins001.exe"
TeamSpeak 2 Server RC2 --> "D:\Program Files\Teamspeak2_RC2\unins000.exe"
The French Tutorial Personal Edition --> D:\Program Files\The French Tutorial Personal Edition\uninstall.exe
Trillian --> D:\Program Files\Trillian\trillian.exe /uninstall
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
Turbo Pascal 7.0 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\TP\DeIsL1.isu" -c"C:\Program Files\TP\_ISREG32.DLL"
Uninstall ESS Modem --> C:\WINDOWS\remvess
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
Windows Media Bonus Pack for Windows XP --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmbonus.inf,DefaultUninstall
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Address AutoComplete --> C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\yaddbook.dll
Yahoo! extras --> C:\Program Files\Yahoo!\Common\unycust.exe /S
Yahoo! Internet Mail --> C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG

-- End of Deckard's System Scanner: finished at 2007-04-10 at 18:23:09

Dave32 · April 2007

Deckard's System Scanner v20070328.36
Run by Dave on 2007-04-10 at 18:20:58
Computer is in Normal Mode.

-- System Restore

System Restore is disabled; attempting to re-enable...success.

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Dave.exe)

Logfile of HijackThis v1.99.1
Scan saved at 6:22:49 PM, on 4/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Documents and Settings\Dave\Desktop\AVG\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
E:\myprograms_sasha\quicktime6\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Messenger\msmsgs.exe
E:\MyPrograms_Sasha\Lingo6\LvAgent.exe
C:\Documents and Settings\Dave\Desktop\dss.exe
D:\PROGRA~1\HIJACK~1\Dave.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aaotracker.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Sahaj Toolbar - {eb4e526b-68d5-4728-ae18-a1fe66dcd69e} - C:\Program Files\Sahaj\tbSaha.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Sahaj Toolbar - {eb4e526b-68d5-4728-ae18-a1fe66dcd69e} - C:\Program Files\Sahaj\tbSaha.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "E:\myprograms_sasha\quicktime6\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Dave\Desktop\AVG\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: Morpheus.lnk = D:\Program Files\Morpheus\Morpheus.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ABBYY Lingvo 6.0 Launcher.lnk = E:\MyPrograms_Sasha\Lingo6\LvAgent.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Download All Links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - [URL]file://C:\TempEI4\EI40_\msxml4.cab[/URL]
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4362/mcfscan.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://www.tukati.com/software/4/1.7.20.20/tukati.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab40641.cab
O18 - Protocol: bw+0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Dave\Desktop\AVG\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe (file missing)
O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
O23 - Service: McAfee Protection Manager (mcpromgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe (file missing)
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mctskshd.exe (file missing)
O23 - Service: McAfee User Manager (mcusrmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

-- HijackThis Fixed Entries (D:\PROGRA~1\HIJACK~1\backups\)

backup-20070410-120427-511 O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} - http://install.wildtangent.com/cda/islandrally/ActiveLauncher/ActiveLauncherSetup.cab
backup-20070410-165213-945 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20070410-165213-724 O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - (no file)
backup-20070410-165213-120 O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
backup-20070410-165213-934 O16 - DPF: {346685E3-C383-11CF-A5A4-00AA00A45705} (ActiveX Control) - http://imd.gonext.co.il/gonext/zazabox/pc/SISActiveX.cab
backup-20070410-165213-697 O16 - DPF: {51C98AC0-31D3-4049-B659-24389E0D94E3} (TCM3Control Control) - http://video.icellcom.co.il/TCM3Viewer.cab
backup-20070410-165214-540 O16 - DPF: {5B9E8E95-D236-4C6B-9BD6-0C6994A75FBC} (MvRec Class) - http://coolmail.nana.co.il/webmail/plugin/mvrecord.cab
backup-20070410-165214-804 O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4players.de/LaunchGame.cab
-- File Associations

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

R0 BsStor (InCD Storage Helper Driver) - c:\windows\system32\drivers\bsstor.sys
R0 giveio - c:\windows\system32\giveio.sys
R0 PenClass (Pen Class) - c:\windows\system32\drivers\penclass.sys
R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys
R0 sfdrv01a (StarForce Protection Environment Driver (version 1.x.a)) - c:\windows\system32\drivers\sfdrv01a.sys
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys
R0 speedfan - c:\windows\system32\speedfan.sys
R1 Cdr4_xp - c:\windows\system32\drivers\cdr4_xp.sys
R1 Cdralw2k - c:\windows\system32\drivers\cdralw2k.sys
R1 MPFP - c:\windows\system32\drivers\mpfp.sys
R1 nod32drv - c:\windows\system32\drivers\nod32drv.sys
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys
R1 sf (SFI Service) - c:\windows\system32\drivers\sf.sys
R2 AMON - c:\windows\system32\drivers\amon.sys
R2 BCMNTIO - c:\program files\bcm diagnostics pro\bcmntio.sys
R2 BsUDF (InCD UDF Driver) - c:\windows\system32\drivers\bsudf.sys
R2 Gem98 - c:\windows\system32\drivers\gem98.sys
R2 HSMPORT - c:\program files\bcm diagnostics pro\sysmon\hsmport.sys
R2 MAPMEM - c:\program files\bcm diagnostics pro\mapmem.sys
R2 SVKP - c:\windows\system32\svkp.sys
R2 Vcs (Vcs support) - c:\windows\system32\drivers\vcs.sys
R3 aeaudio - c:\windows\system32\drivers\aeaudio.sys
R3 Edspport (EDSP Port Driver) - c:\windows\system32\drivers\es56hpi.sys
R3 MODEMCSA (Unimodem Streaming Filter Device) - c:\windows\system32\drivers\modemcsa.sys
R3 QCDonner (Logitech QuickCam Express(PID_0840)) - c:\windows\system32\drivers\lvcd.sys
R3 SMBios (Intel (R) System Managment BIOS Service) - c:\windows\system32\drivers\smbios.sys
R3 smwdm - c:\windows\system32\drivers\smwdm.sys
S0 d346bus - c:\windows\system32\drivers\d346bus.sys (file missing)
S0 d346prt - c:\windows\system32\drivers\d346prt.sys (file missing)
S2 DS1410D - c:\windows\system32\drivers\ds1410d.sys (file missing)
S2 HPFECP14 - c:\windows\system32\drivers\hpfecp14.sys
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 GcKernel (Microsoft SideWinder Value Add - Filter Driver) - c:\windows\system32\drivers\gckernel.sys
S3 genmcmn (Scroll Mouse Driver) - c:\windows\system32\drivers\gmfiltr.sys
S3 genmcmnUSB (USB Scroll Mouse Driver) - c:\windows\system32\drivers\gflmouhid.sys
S3 GT890x (Dual-Mode DSC (Still Camera)) - c:\windows\system32\drivers\gt890x.sys (file missing)
S3 HIDSwvd (Microsoft SideWinder Virtual HID Device Mini-Driver) - c:\windows\system32\drivers\hidswvd.sys
S3 MidiSyn - c:\windows\system32\drivers\midisyn.sys
S3 NaiFiltr - c:\windows\system32\drivers\naifiltr.sys
S3 ndiscm (Motorola SurfBoard USB Cable Modem Windows 2000 Driver) - c:\windows\system32\drivers\netmotcm.sys (file missing)
S3 ROOTMODEM (Microsoft Legacy Modem Driver) - c:\windows\system32\drivers\rootmdm.sys
S3 SymEvent - c:\program files\symantec\symevent.sys (file missing)
S3 WpdUsb - c:\windows\system32\drivers\wpdusb.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

R2 PnkBstrA - c:\windows\system32\pnkbstra.exe
R2 SoundMAX Agent Service (default) (SoundMAX Agent Service) - c:\program files\analog devices\soundmax\smagent.exe
R2 TabletService - c:\windows\system32\tablet.exe
R2 uploadmgr (Upload Manager) - c:\windows\system32\svchost.exe -k netsvcs
R2 UxTuneUp (TuneUp Design Expansion) - c:\windows\system32\svchost.exe -k netsvcs
R2 WmdmPmSp (Portable Media Serial Number) - c:\windows\system32\svchost.exe -k netsvcs
S2 McLogManagerService (McAfee Log Manager) - c:\progra~1\mcafee\msc\mclogsrv.exe (file missing)
S2 mcmispupdmgr (McAfee Update Manager) - c:\progra~1\mcafee\msc\mcupdmgr.exe (file missing)
S2 McODS (McAfee Scanner) - c:\progra~1\mcafee\viruss~1\mcods.exe (file missing)
S2 mcpromgr (McAfee Protection Manager) - c:\progra~1\mcafee\msc\mcpromgr.exe (file missing)
S2 McShield (McAfee Real-time Scanner) - c:\progra~1\mcafee\viruss~1\mcshield.exe (file missing)
S2 McSysmon (McAfee SystemGuards) - c:\progra~1\mcafee\viruss~1\mcsysmon.exe (file missing)
S2 mctskshd.exe (McAfee Task Scheduler) - c:\progra~1\mcafee\msc\mctskshd.exe (file missing)
S2 mcusrmgr (McAfee User Manager) - c:\progra~1\mcafee\msc\mcusrmgr.exe (file missing)
S3 PnkBstrB - c:\windows\system32\pnkbstrb.exe
S3 usprserv (User Privilege Service) - c:\windows\system32\svchost.exe -k netsvcs
S4 Evendede -
S4 mcupdmgr.exe (McAfee SecurityCenter Update Manager) - c:\progra~1\mcafee.com\agent\mcupdmgr.exe (file missing)
S4 MCVSRte (McAfee.com VirusScan Online Realtime Engine) - c:\progra~1\mcafee.com\vso\mcvsrte.exe /embedding (file missing)

-- Scheduled Tasks

2007-04-08 13:45:02 262 --a

C:\WINDOWS\Tasks\McDefragTask.job<MCDEFR~1.JOB>
2007-04-08 13:45:00 354 --a

C:\WINDOWS\Tasks\McQcTask.job
2007-04-08 12:36:16 388 --a

C:\WINDOWS\Tasks\1-Click Maintenance.job<1-CLIC~1.JOB>
2007-02-12 22:25:02 284 --a

C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>

-- Files created between 2007-03-10 and 2007-04-10

2007-04-10 17:03:12 0 d--hs---- C:\FOUND.000
2007-04-10 16:54:04 3968 --a

C:\WINDOWS\System32\drivers\AvgAsCln.sys
2007-04-10 11:55:10 79360 --a

C:\WINDOWS\System32\swxcacls.exe
2007-04-10 11:55:10 288417 --a

C:\WINDOWS\System32\SrchSTS.exe
2007-04-10 11:55:10 51200 --a

C:\WINDOWS\System32\dumphive.exe
2007-04-10 11:55:09 40960 --a

C:\WINDOWS\System32\swsc.exe
2007-04-10 11:55:09 135168 --a

C:\WINDOWS\System32\swreg.exe
2007-04-10 11:55:09 53248 --a

C:\WINDOWS\System32\Process.exe
2007-04-08 14:36:13 552 --a

C:\WINDOWS\System32\d3d8caps.dat
2007-04-08 13:46:00 31560 --a

C:\WINDOWS\System32\drivers\mferkdk.sys
2007-04-08 13:45:59 37800 --a

C:\WINDOWS\System32\drivers\mfesmfk.sys
2007-04-08 13:45:59 33896 --a

C:\WINDOWS\System32\drivers\mfebopk.sys
2007-04-08 13:45:58 161768 --a

C:\WINDOWS\System32\drivers\mfehidk.sys
2007-04-08 13:45:57 84744 --a

C:\WINDOWS\System32\drivers\mfeavfk.sys
2007-04-08 13:45:45 104024 --a

C:\WINDOWS\System32\drivers\Mpfp.sys
2007-04-08 13:43:36 0 d

C:\Program Files\Common Files\McAfee
2007-04-08 11:25:54 0 d

C:\Program Files\TuneUp Utilities 2007<TUNEUP~1>
2007-04-08 11:24:49 299392 --a

C:\WINDOWS\System32\imon.dll
2007-04-08 11:24:49 15424 --a

C:\WINDOWS\System32\drivers\nod32drv.sys
2007-04-08 11:24:49 512096 --a

C:\WINDOWS\System32\drivers\amon.sys
2007-04-07 21:53:49 2728 --a

C:\WINDOWS\System32\tmp.reg
2007-04-07 21:20:58 0 d

C:\WINDOWS\System32\LogFiles
2007-04-03 15:26:41 0 d

C:\Documents and Settings\Dave\Application Data\Ahead
2007-04-02 12:55:10 33792 --a

C:\WINDOWS\System32\drivers\disk.sys
2007-03-31 14:08:16 99904 --a

C:\WINDOWS\System32\PnkBstrB.exe
2007-03-31 14:08:02 63040 --a

C:\WINDOWS\System32\PnkBstrA.exe
2007-03-30 16:00:01 0 d

C:\Documents and Settings\All Users\Application Data\InstallShield<INSTAL~1>
2007-03-28 19:18:30 0 d---s---- C:\Documents and Settings\Dave\UserData
2007-03-28 14:12:15 0 d

C:\Documents and Settings\Dave\Application Data\GetRightToGo<GETRIG~1>
2007-03-27 09:55:23 200704 --a

C:\WINDOWS\System32\ssldivx.dll
2007-03-27 09:55:23 1044480 --a

C:\WINDOWS\System32\libdivx.dll
2007-03-15 19:47:22 169 --a

C:\WINDOWS\System32\8773
2007-03-10 19:42:32 0 d

C:\Documents and Settings\Dave\Application Data\AdobeUM

-- Find3M Report

2007-04-10 18:18:22 12983 --a

C:\WINDOWS\System32\tablet.dat
2007-04-08 16:44:06 0 d

C:\Documents and Settings\Dave\Application Data\Mozilla
2007-03-04 14:21:44 0 d

C:\Documents and Settings\Dave\Application Data\Real
2007-03-04 14:05:58 0 d

C:\Documents and Settings\Dave\Application Data\Media Player Classic<MEDIAP~1>
2007-03-04 13:53:50 0 d

C:\Documents and Settings\Dave\Application Data\Adobe
2007-03-04 13:41:56 0 d

C:\Documents and Settings\Dave\Application Data\acccore
2007-03-04 13:40:12 0 d

C:\Documents and Settings\Dave\Application Data\AIMPro
2007-02-27 21:12:32 383 --a

C:\WINDOWS\System32\731.exe
2007-02-27 21:12:32 0 --a

C:\WINDOWS\System32\17F59B69
2007-02-26 13:32:42 0 d

C:\Documents and Settings\Dave\Application Data\Lavasoft
2007-02-25 21:16:36 42 --a

C:\WINDOWS\System32\ymsgsmx.dll
2007-02-25 21:16:36 42 --a

C:\WINDOWS\System32\smtsmxpfx.dll<SMTSMX~1.DLL>
2007-02-25 21:16:36 42 --a

C:\WINDOWS\System32\gtalsmx.dll
2007-02-25 21:16:36 42 --a

C:\WINDOWS\System32\aosmx.dll
2007-02-25 21:16:36 42 --a

C:\WINDOWS\System32\aimsmx.dll
2007-02-25 18:29:00 0 d

C:\Documents and Settings\Dave\Application Data\IDM
2007-02-25 18:29:00 0 d

C:\Documents and Settings\Dave\Application Data\DMCache
2007-02-25 18:13:34 0 d

C:\Documents and Settings\Dave\Application Data\Apple Computer<APPLEC~1>
2007-02-25 18:05:10 0 d

C:\Documents and Settings\Dave\Application Data\Macromedia<MACROM~1>
2007-02-25 18:04:32 0 d

C:\Documents and Settings\Dave\Application Data\TuneUp Software<TUNEUP~1>
2007-02-25 18:01:16 0 d

C:\Documents and Settings\Dave\Application Data\Google
2007-01-29 17:06:00 94 --a

C:\WINDOWS\System32\sysprink.dll
2007-01-29 17:06:00 12288 --a

C:\WINDOWS\System32\545123.exe
2007-01-19 12:53:04 51056 --a

C:\WINDOWS\System32\sirenacm.dll
2007-01-17 18:01:40 89 --a

C:\WINDOWS\System32\sysprint.dll
2007-01-17 18:01:04 5120 --ahs---- C:\WIN.COM

-- Registry Dump

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"IDMan"="D:\\Program Files\\Internet Download Manager\\IDMan.exe /onboot"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"googletalk"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"SoundMax"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"LVCOMSX"="C:\\WINDOWS\\System32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"QuickTime Task"="\"E:\\myprograms_sasha\\quicktime6\\qttask.exe\" -atboottime"
"iTunesHelper"="\"D:\\Program Files\\iTunes\\iTunesHelper.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"MMTray"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"!AVG Anti-Spyware"="\"C:\\Documents and Settings\\Dave\\Desktop\\AVG\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\ctfmon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EssSpkPhone]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="essspk"
"hkey"="HKLM"
"command"="essspk.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FineReader7NewsReaderPro]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ABBYYNewsReader"
"hkey"="HKLM"
"command"="\"E:\\MyPrograms_Sasha\\FineReader\\FineReader\\ABBYYNewsReader.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogitechDesktopMessenger"
"hkey"="HKCU"
"command"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogiTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee.InstantUpdate.Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RuLaunch"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\McAfee\\McAfee Shared Components\\Instant Updater\\RuLaunch.exe\" /STARTMONITOR"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsgPlus"
"hkey"="HKCU"
"command"="\"D:\\Program Files\\Messenger Plus! 3\\MsgPlus.exe\" /WinStart"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mimboot"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\mimboot.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mm_tray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"E:\\myprograms_sasha\\quicktime6\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"D:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ess"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\update\\hide C:\\WINDOWS\\update\\ess.bat"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=dword:00000003
"WZCSVC"=dword:00000003
"wuauserv"=dword:00000002
"WmiApSrv"=dword:00000003
"Themes"=dword:00000002
"TapiSrv"=dword:00000003
"Schedule"=dword:00000002
"SCardSvr"=dword:00000003
"SCardDrv"=dword:00000003
"RSVP"=dword:00000003
"RemoteRegistry"=dword:00000002
"Macromedia Licensing Service"=dword:00000003
"IDriverT"=dword:00000003
"gusvc"=dword:00000003
"Evendede"=dword:00000003
"ERSvc"=dword:00000002
"Adobe LM Service"=dword:00000003

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"180ClientStubInstall"="\"C:\\Temp\\180SA3013.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"="0"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp

-- End of Deckard's System Scanner: finished at 2007-04-10 at 18:23:09

Dave32 · April 2007

Logfile of HijackThis v1.99.1
Scan saved at 6:39:45 PM, on 4/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Documents and Settings\Dave\Desktop\AVG\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
E:\myprograms_sasha\quicktime6\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Messenger\msmsgs.exe
E:\MyPrograms_Sasha\Lingo6\LvAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aaotracker.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Sahaj Toolbar - {eb4e526b-68d5-4728-ae18-a1fe66dcd69e} - C:\Program Files\Sahaj\tbSaha.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Sahaj Toolbar - {eb4e526b-68d5-4728-ae18-a1fe66dcd69e} - C:\Program Files\Sahaj\tbSaha.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "E:\myprograms_sasha\quicktime6\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Dave\Desktop\AVG\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: Morpheus.lnk = D:\Program Files\Morpheus\Morpheus.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ABBYY Lingvo 6.0 Launcher.lnk = E:\MyPrograms_Sasha\Lingo6\LvAgent.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Download All Links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - [URL]file://C:\TempEI4\EI40_\msxml4.cab[/URL]
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4362/mcfscan.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://www.tukati.com/software/4/1.7.20.20/tukati.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab40641.cab
O18 - Protocol: bw+0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Dave\Desktop\AVG\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe (file missing)
O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
O23 - Service: McAfee Protection Manager (mcpromgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe (file missing)
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mctskshd.exe (file missing)
O23 - Service: McAfee User Manager (mcusrmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

peku006 · April 2007

Hi Dave32

Please delete these files using WindowsExplorer(ifpresent):
C:\WINDOWS\System32\731.exe
C:\WINDOWS\System32\17F59B69
C:\WINDOWS\System32\ymsgsmx.dll
C:\WINDOWS\System32\smtsmxpfx.dll
C:\WINDOWS\System32\gtalsmx.dll
C:\WINDOWS\System32\aosmx.dll
C:\WINDOWS\System32\aimsmx.dll
C:\WINDOWS\System32\sysprink.dll
C:\WINDOWS\System32\545123.exe
C:\WINDOWS\System32\sysprint.dll

Please backup your registry before fix it:
Start
Run
Type the following to the box and hit Ok: regedit
A window opens, click on File
Choose Export form the menu
Change the save location to C:\
Give the filename, RegBackUp
Make sure that the filetype is set to Registryfiles (*.reg)
Click on Save and Close the window
Please run Notepad and paste the following text into a new file:

REGEDIT4
 
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"180ClientStubInstall"=-

Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files".
Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry

Please download SmitfraudFix (by S!Ri)
Double-click SmitfraudFix.exe.
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

http://www.beyondlogic.org/consulting/proc...processutil.htm

Please, post Smitfradufix report to your next reply.:)

Dave32 · April 2007

SmitFraudFix v2.166
Scan done at 21:37:23.85, Tue 04/10/2007
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Documents and Settings\Dave\Desktop\AVG\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
E:\myprograms_sasha\quicktime6\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Messenger\msmsgs.exe
E:\MyPrograms_Sasha\Lingo6\LvAgent.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Dave

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Dave\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\DAVE\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 10.0.0.138
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3FA7D134-958B-44BF-8FD7-DF98ECAD8B23}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3FA7D134-958B-44BF-8FD7-DF98ECAD8B23}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Could you also help me with the free disk space? because im running with about 70 mb and I cant delet anything else....
I can attach a pic of the problem with the free space (a pic of the properties of the whole "documents and settings" and the properties of the folders inside it...)

BTW the problem with the massive sized temp is over thanks for helping so far

peku006 · April 2007

Hi Dave32

Select Start, then Control Panel and double-click the System icon. Then click on the System Restore tab on the dialog box. Depending on your disk setup, do the following:

Single partition Adjust the space system restore uses on the disk by moving the slider left to decrease space usage, The default maximum space usage is 1%.
Multiple partitions or multiple disks: Click on the drive you want to adjust in the available drives section on the System Restore page and then click the settings option. You can then adjust the space system restore uses on that drive by moving the slider to the left to decrease space usage, or right to increase space usage. The default maximum space usage is 1%. Repeat for each drive as necessary.

Please run Panda's ActiveScan You will need to use Internet Explorer to run it.
* Once you are on the Panda site click the Scan your PC button
* A new window will open...click the Check Now button
* Enter your Country
* Enter your State/Province
* Enter your e-mail address and click send
* Select either Home User or Company
* Click the big Scan Now button
* If it wants to install an ActiveX component allow it
* It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
* When download is complete, click on My Computer to start the scan
* When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Post fresh HijackThis log and the Panda's ActiveScan Report

Dave32 · April 2007

panda log:

Incident Status Location
Potentially unwanted tool:application/bestoffer Not disinfected C:\WINDOWS\SMDAT32M.SYS
Potentially unwanted tool:application/altnet Not disinfected C:\WINDOWS\SMDAT32A.SYS
Potentially unwanted tool:Application/MSNContentPlus Not disinfected C:\WINDOWS\MSNImport.exe
Virus:Trj/Goldun.NS Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\SVCHOST\SVCHOST.EXE
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Sasha\Desktop\smitRem.exe[smitRem/Process.exe]
Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\Sasha\Desktop\SmitfraudFix\RESTART.EXE
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Dave\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Dave\Desktop\SDfix\SDFix\APPS\Process.exe
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Dave\Cookies\dave@atwola[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Dave\Cookies\dave@bs.serving-sys[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Dave\Cookies\dave@casalemedia[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Dave\Cookies\dave@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Dave\Cookies\dave@ad.yieldmanager[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Dave\Cookies\dave@serving-sys[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Dave\Cookies\dave@statcounter[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Dave\Cookies\dave@fastclick[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Dave\Cookies\dave@tribalfusion[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\no5uv3z4.default\COOKIES.TXT[.atwola.com/]
Virus:Trj/Goldun.FD Disinfected C:\WIN.COM
Potentially unwanted tool:Application/Processor Not disinfected C:\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z Disinfected C:\SmitfraudFix\RESTART.EXE
Potentially unwanted tool:Application/Processor Not disinfected D:\smitRem.exe[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected D:\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z Disinfected D:\SmitfraudFix\RESTART.EXE
Spyware:Cookie/GoStats Not disinfected D:\Document and settings\Sasha\Cookies\sasha@gostats[1].txt
Spyware:Cookie/Xiti Not disinfected D:\Document and settings\Sasha\Cookies\sasha@xiti[1].txt
Spyware:Cookie/Go Not disinfected D:\Document and settings\Sasha\Cookies\sasha@go[1].txt
Spyware:Cookie/Entrepreneur Not disinfected D:\Document and settings\Sasha\Cookies\sasha@entrepreneur[1].txt
Spyware:Cookie/Azjmp Not disinfected D:\Document and settings\Sasha\Cookies\sasha@azjmp[2].txt
Spyware:Cookie/Toplist Not disinfected D:\Document and settings\Sasha\Cookies\sasha@toplist[1].txt
Potentially unwanted tool:Application/Processor Not disinfected D:\Document and settings\Sasha\Desktop\smitRem.exe[smitRem/Process.exe]
Virus:Trj/Shutdown.Z Disinfected D:\Document and settings\Sasha\Desktop\SmitfraudFix\RESTART.EXE

Dave32 · April 2007

Logfile of HijackThis v1.99.1
Scan saved at 10:47:03 AM, on 4/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Dave\Desktop\AVG\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
E:\myprograms_sasha\quicktime6\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Messenger\msmsgs.exe
E:\MyPrograms_Sasha\Lingo6\LvAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aaotracker.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Sahaj Toolbar - {eb4e526b-68d5-4728-ae18-a1fe66dcd69e} - C:\Program Files\Sahaj\tbSaha.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Sahaj Toolbar - {eb4e526b-68d5-4728-ae18-a1fe66dcd69e} - C:\Program Files\Sahaj\tbSaha.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "E:\myprograms_sasha\quicktime6\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Dave\Desktop\AVG\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: Morpheus.lnk = D:\Program Files\Morpheus\Morpheus.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ABBYY Lingvo 6.0 Launcher.lnk = E:\MyPrograms_Sasha\Lingo6\LvAgent.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Download All Links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - [URL]file://C:\TempEI4\EI40_\msxml4.cab[/URL]
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4362/mcfscan.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://www.tukati.com/software/4/1.7.20.20/tukati.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab40641.cab
O18 - Protocol: bw+0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {E593B99F-5DB3-42FA-9601-6DC31A0797DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Dave\Desktop\AVG\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe (file missing)
O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
O23 - Service: McAfee Protection Manager (mcpromgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe (file missing)
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mctskshd.exe (file missing)
O23 - Service: McAfee User Manager (mcusrmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

peku006 · April 2007

Hi Dave32

What AntiVirus you use It seems to me that you have 2 antvirus on your computer. McAfee and NOD32

Please download eScan and follow instructions with care.
* Double-click the mwav.exe icon.
* Wait untill installation is complete.
* Select I accept the agreement and click OK.
* When eScan is started, please select:
o Memory
o Startup Folders
o Drive
o All Local Drives
o Registry
o System Folder
o Services
o Scan only
o Scan all files
* Click the Scan Only button.
* eScan begin to scan your system, please be patient.
* When scanning is complete, do following:
o Copy all text under Virus Log Information (Ctrl + A and Ctrl + C),
o and post them here.;)

Dave32 · April 2007

Do you still think I have a Virus/Trojan on my comp?
I just need the free space...
I had NOD32 and then i installed mcafee to check for viruses but I deleted it in a stupid way coz I just had to get some free space...

peku006 · April 2007

Hi Dave32

Please copy (Ctrl C) and paste (Ctrl V) the following text in the quote to Notepad. Save it as "All Files" and name it FixServices.bat. Please save it on your desktop.

@echo off
sc stop "Emproxy"
sc delete "Emproxy"
sc stop "McODS"
sc delete "McODS"
sc stop "McSysmon"
sc delete "McSysmon"
sc stop "McShield"
sc delete "McShield"

Double click FixServices.bat. A window will open and close. This is normal.

Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)

Close ALL open windows
Click Fix Checked
Close HijackThis

How to move the paging file

Please download eScan and follow instructions with care.
* Double-click the mwav.exe icon.
* Wait untill installation is complete.
* Select I accept the agreement and click OK.
* When eScan is started, please select:
o Memory
o Startup Folders
o Drive
o All Local Drives
o Registry
o System Folder
o Services
o Scan only
o Scan all files
* Click the Scan Only button.
* eScan begin to scan your system, please be patient.
* When scanning is complete, do following:
o Copy all text under Virus Log Information (Ctrl + A and Ctrl + C),
o and post them here.
* Double-click on Dss.exe to run it, and follow the prompts.
* The scan may take a minute. When the scan is complete, a text file will open - Main.txt and extra.txt
Post extra.txt ,Virus Log Information and hjt-log

Free Space Decreasing..

Comments