Unknown files

Question

tafe 0 Newbie Poster

19 Years Ago

Can anyone tell me anything about rapfnts.exe and rapfnts.dll ?
I don't know where they came from, or from whom (other than a company name of TODO).
When I restart my system (XP) I get and error message that rapfnts.dll could not initialize because Windows is shutting down.
The rapfnts.exe file appears in my processes list in Taskmgr but I cannot end the process (no explanation given, just ignores the command)
Thanks, Brian

windows-virus

2 Contributors
10 Replies
414 Views
3 Days Discussion Span
Latest Post 19 Years Ago Latest Post by caperjack

All 10 Replies

caperjack 875 I hate 20 Questions

19 Years Ago

Hi,Welcome to DaniWeb ,Please do this.
Download 'Hijack This!'. hijackthis
Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".

Your copy of HijackThis needs to be in a folder of it's own. When HJT fixes anything, it makes backups of the original files in the folder it is in. Since Temporary folders are emptied now and then (the files are DELETED), it would not be a good idea to have your backups there. Those backups would be VITAL to restoring your system if something went wrong in the FIX process!

1. Please go to you're 'My Documents' folder, right-click and select 'New > Folder' then name the folder 'HJT'.

2. Copy and paste HijackThis.exe to the new folder.

3. Close ALL windows except HJT

4. SCAN with HJT

5. POST the new log in this thread using 'Add Reply'

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO YOUR COMPUTER'S HEALTH

caperjack 875 I hate 20 Questions

19 Years Ago

Go
Here and Get Trojan-Hunter Fully working trial! and run a full scan
,,,,,,,,,,,,,,,,,,,,,
To remove trojans there is a tool which needs to be downloaded and run.

1. Please download Stinger and save it to your desktop

2. Double-click on the stinger.exe file and open the tool

3. Choose your entire hard drive to scan.

4. Choose Scan Now

5. Stinger will fix anything that it finds

6. Click the File menu and select Save report to file

7. Post the log file results here in this thread.

STINGER

,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Reboot to SAFE mode to delete files
How to start computer in safe mode

Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself) like for example
C:\WINDOWS\Temp\
C:\Temp\
C:\Documents and Settings\username\Local Settings\Temp\
Also delete your Temporary Internet Files, be sure to also select delete all offline content.

Do a virus scan Please do an online scan, 2 would be better,

Micro World http://www.mwti.net/antivirus/free_utilities.asp
Trend Micro http://housecall.trendmicro.com/housecall/start_corp.asp

Make sure that you choose "fix" or "clean".

.
,,,,,,,,,,,,,,,,,,,,,,,,,,
Download then unzip and run CWShredder to clean up clicking "FIX" to have it remove all it finds.

CWShredder available from these places :-

http://www.aluriasoftware.com/tools/cwshredder.zip
Or this as a full download without any unzipping required
http://www.downloads.subratam.org/CWShredder.exe
http://www.spywareinfo.com/downloads/tools/CWShredder.exe

We have found that some of the CWS infections can be removed better from safe mode, rather than normal mode.
To get to safe mode use the F8 key while booting the machine. Detailed instructions from :-
HERE
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Then please do this since it’s better to use automated tools to get rid of the bad stuff use these 2 programs first before doing the final cleaning with HJT

First use Spybot S&D. (Version 1.3)
Spybot
Unzip, and update. Install the updates and run. Delete all that it marks in red.
Reboot

Then it’s time for Ad-Aware
Ad-Aware
Install and update by using the globe icon. Restart your computer and run Ad-Aware.
Press scan now and select drives and/or partitions to be scanned. When done select all and click next. Remove all checked items and then reboot your computer.

Please go to this page and read the instructions for how to configure Spybot S&D & Ad-Aware
How To Setup Spybot SD and Ad-Aware

,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
If needed !!!!!!
Reboot and post a new HiJackThis log. You need an updated version of Hijackthis which you can get from HERE

Then post a HJT log as a reply to this topic.

caperjack 875 I hate 20 Questions

19 Years Ago

I would advise you to use the Control Panel / Add/Remove Programs to remove the LogitechDesktopMessenger program. It is responsible for all of the 018 entries. It has a bad reputation as a resource hog.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

tafe 0 Newbie Poster · Answer 1 · 2005-03-21T08:02:44+00:00

Logfile of HijackThis v1.99.1
Scan saved at 8:00:14 PM, on 3/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system32\rapfnts.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\windows\system32\packager.exe
C:\PROGRA~1\Zinio\ZDLM.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/se

arch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =

localhost
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\Ceres.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program

Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft

Money\System\mnyside.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_1.dll
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [rapfnts] c:\windows\system32\rapfnts.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [winshost.exe] C:\WINDOWS\system32\winshost.exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Instant Buzz Daemon] C:\Program Files\Instant Buzz\IBDaemon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Zinio DLM] C:\PROGRA~1\Zinio\ZDLM.exe /hide
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [LDM] \Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat

7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft

Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft

Office\Office\MSOFFICE.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft

Office\Office\OSA.EXE
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} -

C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program

Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -

C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program

Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) -

http://support2.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -

https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -

http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} (Diagmgr Class) -

http://isupport4.hp.com/awebui/jsp/answerweb/applets/HPISDiagManager.CAB
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) -

http://www.spybouncer.com/downloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?

1106941575026
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -

http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -

http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.

cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) -

https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -

http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -

https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -

http://www.shockwave.com/content/bejeweled2/popcaploader_v6.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) -

http://h30155.www3.hp.com/helpandsupport/SysQuery.cab
O18 - Protocol: bw+0 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {2C49BAE2-8905-4520-9E1D-CEFFCB4BAD04} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program

Files\iPod\bin\iPodService.exe

tafe 0 Newbie Poster · Answer 2 · 2005-03-22T10:19:24+00:00

Trojan Hunter report:

Registry scan
Registry key exists: HKEY_CLASSES_ROOT\TypeLib\{57ADD57B-173E-418A-8F70-17E5C9F2BCC9} (matches IMIServ.101) (Regedit Jump)
Registry key exists: HKEY_CLASSES_ROOT\Interface\{3E589169-86AD-44FE-B426-F0BF105D5582} (matches IMIServ.101) (Regedit Jump)
Inifile scan
No suspicious entries found
Port scan
No suspicious open ports found
Memory scan
No trojans found in memory
File scan
Found trojan file: C:\Documents and Settings\User\Local Settings\Temp\DrTemp\mm_reco.exe (Adware.BetterInternet.100)
Found trojan file: C:\Documents and Settings\User\Local Settings\Temp\DrTemp\thnall2c.exe (Adware.BetterInternet.100)
Found trojan file: C:\Documents and Settings\User\Local Settings\Temp\DrTemp\wupdsnff.exe (Adware.BetterInternet.100)
Found trojan file: C:\Documents and Settings\User\Local Settings\Temp\THI15FF.tmp\Ceres.dll (Adware.VX2.104)
Found trojan file: C:\Documents and Settings\User\Local Settings\Temp\THI1875.tmp\Ceres.dll (Adware.VX2.104)
Found trojan file: C:\Documents and Settings\User\Local Settings\Temp\THI1BBE.tmp\Ceres.dll (Adware.VX2.104)
Found trojan file: C:\Documents and Settings\User\Local Settings\Temp\THI2EF1.tmp\Ceres.dll (Adware.VX2.104)
Found trojan file: C:\Documents and Settings\User\Local Settings\Temp\THI642F.tmp\Ceres.dll (Adware.VX2.104)
Found trojan file: C:\Documents and Settings\User\Local Settings\Temp\THI70F4.tmp\farmmext.exe (TrojanDownloader.Farmex.100)
Found trojan file: C:\WINDOWS\Buddy.exe (Adware.BetterInternet.102)
Found trojan file: C:\WINDOWS\ceres.dll (Adware.VX2.104)
Found trojan file: C:\WINDOWS\systb.exe/yHqyYM.exe (Adware.IEPlugin.100)
12 trojan files found

Stinger report:

McAfee AVERT Stinger Version 2.5.3 built on Mar 1 2005Copyright (C) 2005 Networks Associates Technology, Inc.
All Rights Reserved.Virus data file v1000 created on Mar 1 2005.
Ready to scan for 53 viruses, trojans and variants.

Scan initiated on Mon Mar 21 15:14:26 2005 Number of clean files: 667

Scan initiated on Mon Mar 21 15:15:35 2005 Number of clean files: 626692

BRIAN'S NOTE: SYSTEM WENT INTO INFINITE LOOP AT C:\PROGRAM\0000????.js\*.*
and I terminated operation, I do not have 600K files.

cwshredder report:
**** Run Keys ****

RUN: [Mouse Suite 98 Daemon] ICO.EXE
RUN: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
RUN: [rapfnts] c:\windows\system32\rapfnts.exe
RUN: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
RUN: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
RUN: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
RUN: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
RUN: [CARPService] carpserv.exe
RUN: [farmmext] C:\WINDOWS\farmmext.exe
RUN: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
RUN: [Instant Buzz Daemon] C:\Program Files\Instant Buzz\IBDaemon.exe
RUN: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
RUN: [EasyDVDMon]
RUN: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
RUN: [Zinio DLM] C:\PROGRA~1\Zinio\ZDLM.exe /hide
RUN: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
RUN: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
RUN: [LDM] \Program\LogitechDesktopMessenger.exe

**** Browser Helper Objects ****

BHO: [CeresObj Class] C:\WINDOWS\Ceres.dll
BHO: [Yahoo! Companion BHO] C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_1.dll
BHO: [AcroIEHlprObj Class] C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
BHO: [AcroIEHlprObj Class] C:\Program Files\Microsoft Money\System\mnyside.dll
BHO: [AcroIEHlprObj Class] C:\Program Files\Microsoft Money\System\mnyside.dll

**** IE Toolbars ****

TOOLBAR: []
TOOLBAR: []
TOOLBAR: [Yahoo! Companion] C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_1.dll

**** IE Extensions ****

IEExt: [Instant Buzz]
IEExt: [Messenger]
IEExt: [MoneySide]
IEExt: [Messenger] C:\Program Files\Messenger\msmsgs.exe

**** Hosts File Entries ****

HOSTS: 127.0.0.1 localhost
HOSTS: 127.0.0.1 localhost

**** IE Settings ****

IEBypass: localhost
Default Page: http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default Search: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Local Page: C:\WINDOWS\system32\blank.htm
Search Bar: http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
Search Page: http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com

**** IE Context Menu (Right click) ****

**** Layered Service Providers ****

LSP: MSAFD Irda [IrDA]
LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F725F403-6AE4-4FD2-A3AF-8AA9E81DDA2C}] SEQPACKET 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F725F403-6AE4-4FD2-A3AF-8AA9E81DDA2C}] DATAGRAM 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F220E47A-91A4-4EEA-B29E-51266CA216DA}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F220E47A-91A4-4EEA-B29E-51266CA216DA}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{01903F11-8A4C-4453-916A-5A63B301BB34}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{01903F11-8A4C-4453-916A-5A63B301BB34}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{09FE5E24-A434-4715-BA46-04423FBB597A}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{09FE5E24-A434-4715-BA46-04423FBB597A}] DATAGRAM 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4E2E774A-FED7-470D-B382-2B2960557A46}] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4E2E774A-FED7-470D-B382-2B2960557A46}] DATAGRAM 3

**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No

**** Downloaded Program Files ****

Microsoft XML Parser for Java [file://C:\WINDOWS\Java\classes\xmldso.cab]
{01113300-3E00-11D2-8470-0060089874ED} [http://support2.charter.com/sdccommon/download/tgctlcm.cab] C:\WINDOWS\Downloaded Program Files\tgctlcm.dll
{166B1BCA-3F9C-11CF-8075-444553540000} [http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab]
{1F2F4C9E-6F09-47BC-970D-3C54734667FE} [https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab]
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab]
{555500CD-CB54-11D6-8DB9-0000864598B3} [http://isupport4.hp.com/awebui/jsp/answerweb/applets/HPISDiagManager.CAB] C:\WINDOWS\ispro.ico C:\WINDOWS\dev.ini C:\WINDOWS\hpnet.exe C:\WINDOWS\dpstatus.exe C:\WINDOWS\startag.exe C:\WINDOWS\idob.exe C:\WINDOWS\idvectra.exe C:\WINDOWS\DiagDeviceList.xml C:\WINDOWS\DiagErrorCodes.xml C:\WINDOWS\unzip.exe C:\WINDOWS\devenum.exe C:\WINDOWS\Downloaded Program Files\HPISDiagManager.dll
{5E8FD788-C323-4357-AB76-7CBCEFBA573C} [http://www.spybouncer.com/downloader.ocx]
{6414512B-B978-451D-A0D8-FCFDF33E833C} [http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106941575026]
{644E432F-49D3-41A1-8DD5-E099162EEEC5} [http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab]
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} [http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab]
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [http://fpdownload.macromedia.com/get/shockwave/cabs/flash/ultrashim.cab]
{A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} [https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab]
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} [http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab]
{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} [https://www-secure.symantec.com/techsupp/asa/SymAData.cab]
{D27CDB6E-AE6D-11CF-96B8-444553540000} [http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab]
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [http://www.shockwave.com/content/bejeweled2/popcaploader_v6.cab]
{F5C90925-ABBF-4475-88F5-8622B452BA9E} [http://h30155.www3.hp.com/helpandsupport/SysQuery.cab]

**** Custom IE Search Items ****

SEARCH: [SearchAssistant] http://websearch.drsnsrch.com/sidesearch.cgi?id=
SEARCH: [CustomizeSearch] http://websearch.drsnsrch.com/sidesearch.cgi?id=

**** Complete IE Options ****

IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Disable Script Debugger] yes
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Search Page] http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
IEOPT: [Use FormSuggest] no
IEOPT: [NotifyDownloadComplete] yes
IEOPT: [FullScreen] no
IEOPT: [Window_Placement] ,
IEOPT: [AutoSearch]
IEOPT: [AddToFavoritesExpanded]
IEOPT: [Save Directory] C:\Documents and Settings\User\My Documents\TAFE general\Financial\
IEOPT: [Enable Browser Extensions] yes
IEOPT: [Search Bar] http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
IEOPT: [Use Search Asst] no
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [Use Custom Search URL]
IEOPT: [Expand Alt Text] no
IEOPT: [Move System Caret] no
IEOPT: [NscSingleExpand]
IEOPT: [DisableScriptDebuggerIE] no
IEOPT: [NoWebJITSetup]
IEOPT: [Page_Transitions]
IEOPT: [FavIntelliMenus] no
IEOPT: [UseThemes]
IEOPT: [Force Offscreen Composition]
IEOPT: [AllowWindowReuse]
IEOPT: [Friendly http errors] yes
IEOPT: [ShowGoButton] yes
IEOPT: [SmoothScroll]
IEOPT: [Enable AutoImageResize] yes
IEOPT: [Enable_MyPics_Hoverbar] yes
IEOPT: [Play_Animations] yes
IEOPT: [Play_Background_Sounds] yes
IEOPT: [Display Inline Videos] yes
IEOPT: [Show image placeholders]
IEOPT: [Print_Background] no
IEOPT: [LastCheckedHi]
IEOPT: [Check_Associations] yes
IEOPT: [Local Page] C:\WINDOWS\system32\blank.htm
IEOPT: [Default_Page_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IEOPT: [Default_Search_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [Search Page] http://websearch.drsnsrch.com/sidesearch.cgi?id=
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Start Page] http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Wizard_Version] 6.0.2600.0000
IEOPT: [FullScreen] no
IEOPT: [Check_Associations] yes
IEOPT: [Search Bar] http://websearch.drsnsrch.com/sidesearch.cgi?id=
IEOPT: [Local Page] C:\WINDOWS\system32\blank.htm

Logfile of HijackThis v1.99.1Scan saved at 8:55:09 PM, on 3/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Zinio\ZDLM.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/se

arch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =

localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program

Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft

Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot -

Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_1.dll
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [rapfnts] c:\windows\system32\rapfnts.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe (I fixed this after the report w/HJT)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Instant Buzz Daemon] C:\Program Files\Instant Buzz\IBDaemon.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Zinio DLM] C:\PROGRA~1\Zinio\ZDLM.exe /hide
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [LDM] \Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat