0

I followed your instructions on how to delete surf sidekick, as I thought that was my only problem, but alas, more have arisen to the degree of my wanting to put my computer in Davey Jones' Locker. That really irritates him too, since I keep figuring out the combination after he changes it every time.

Here's my HJT log, I hope you guys can help:

Logfile of HijackThis v1.99.1
Scan saved at 4:18:57 PM, on 3/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bestbuy.com/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ewljb.exe
F2 - REG:system.ini: UserInit=userinit.exe,orsnlfi.exe
O2 - BHO: Yvakt Class - {DAAC59E5-093D-4D24-A105-55BFE4ACDE14} - C:\WINDOWS\system32\w9seq.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [q8lg] "C:\WINDOWS\system32\slk8x2peu.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.com
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.slehc.org/Autodesk/mgaxctrl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O18 - Protocol: bw+0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\system32\w9seq.dll
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\g0lmla311d.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks in advance!

0

Quite a mess! I would uninstall Logitech Desktop Messenger if not used.

Now download the following tools for me

CCleaner
http://www.filehippo.com/download/51b30b1401c95091feb32bb89cfe8bbe/download.html

Ad-Aware SE Personal
http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10399602.html?tag=lst-0-2

Spybot Search and Destroy
http://www.download.com/Spybot-Search-Destroy/3000-8022_4-10401314.html?tag=lst-0-1

Ewido
http://www.download.com/Ewido-Security-Suite/3000-8022_4-10326287.html?tag=lst-0-1

Spysweeper
http://www.malwareteks.com/dload.php?action=download&file_id=5

Pocket Killbox
http://bleepingcomputer.com/files/spyware/KillBox.zip
-Unzip to its own folder

Now since you have Windows XP - I want us to start in Safe Mode with Networking
-Restart your PC
-Repeatedly tap F8 before the "Loading Windows" screen appears
-Choose Safe Mode with Networking
-You will see the screen scroll down - this is normal

Now on to the cleaning...

Open up CCleaner first
-Run ONLY the default scan (Windows Tab). Do Not "Scan For Issues" unless specifically asked to do so!
-Simply open it and choose Run Cleaner

Open Ad-Aware
-Allow it to update to the latest definitions
-Run it and remove everything it finds

Open Spybot
-Allow it to update
-Run it and fix what it finds

Open Ewido
-Click Update>Start Update
-Run it and remove everything it finds
-Save the report at the end and attach it for me when you return

Now Reboot back into Normal Mode

Open Spysweeper
-Allow it to update then run a Sweep
-Let it remove everything it finds
-Please save this log for me and attach it

Now run Kaspersky Online Scanner
http://www.kaspersky.com/scanforvirus.html

Save the log and attach it for me as well.

If you can not get these logs in one post that is fine, use as many posts as necessary.

I need the following

  • Ewido Scan Report
  • Spysweeper's log
  • Kaspersky's log
  • New HijackThis log

If you run into trouble with a particular step, just skip it and move on. When you return, let me know of any problems you may have encountered.

Good Luck :)

0

Okie, I did what you asked, but there's a problem: the Kaspersky won't run... I let it sit for a good 30 minutes, and it just hangs on me... again and again and again.

So here we go for the copy - pastes

Ewido:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------


+ Created on:           6:34:09 PM, 3/22/2006
+ Report-Checksum:      6107E622


+ Scan result:


[504] C:\WINDOWS\system32\tuugsht.dll -> Downloader.Qoologic.bj : Cleaned with backup
[1052] C:\WINDOWS\system32\tuugsht.dll -> Downloader.Qoologic.bj : Error during cleaning
[712] C:\WINDOWS\system32\tuugsht.dll -> Downloader.Qoologic.bj : Error during cleaning
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0088936.exe -> Worm.VB.dw : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089914.dll -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089917.exe -> Dropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089918.exe -> Downloader.VB.yu : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089919.exe -> Downloader.Agent.afi : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089921.EXE -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089931.exe -> Downloader.Dyfuca.ei : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089933.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089934.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089935.exe -> Worm.VB.dw : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089937.dll -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089938.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089940.dll -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089942.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089982.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089983.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089986.dll -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089987.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089989.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0089991.dll -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0090009.exe -> Downloader.Dyfuca.ei : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0090010.ocx -> Downloader.VB.ov : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0090014.exe -> Downloader.VB.uc : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0090016.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0090017.exe -> Downloader.Small.abd : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0090020.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0090024.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0090028.dll -> Downloader.Agent.agw : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0090029.dll -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091031.exe -> Dropper.Agent.aie : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091033.exe -> Adware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091035.exe -> Downloader.VB.yv : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091036.exe -> Hijacker.VB.lv : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091037.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091038.exe -> Downloader.VB.ri : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091040.exe/eee2.exe -> Adware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091041.exe -> Dropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091042.exe -> Logger.VB.eh : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091043.exe -> Trojan.Runner.h : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091045.dll -> Adware.RK : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091046.exe -> Adware.RK : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091047.dll -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091048.exe -> Backdoor.Rbot : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091049.exe -> Downloader.Small.ckq : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091050.exe/WhAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091051.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091052.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091054.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0091061.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP430\A0092054.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP431\A0094065.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP431\A0094095.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP431\A0095106.exe -> Downloader.Qoologic.bj : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP431\A0095107.dll -> Downloader.Qoologic.bj : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP431\A0095108.exe -> Downloader.Qoologic.bj : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP431\A0095109.exe -> Downloader.Qoologic.bj : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP431\A0095110.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0095126.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096139.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096149.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096258.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096264.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096268.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096273.exe -> Adware.AdURL : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096318.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096322.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096327.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096330.exe -> Dropper.VB.me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096331.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096332.exe -> Adware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096333.exe -> Adware.AdURL : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096334.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096335.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096336.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096337.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096338.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096339.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096340.DLL -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096341.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096342.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096343.dll -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096344.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096348.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096355.exe -> Downloader.Qoologic.bj : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096356.exe -> Downloader.Qoologic.bj : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096381.dll -> Downloader.Qoologic.bj : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096382.exe -> Downloader.Qoologic.bj : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096383.dll -> Downloader.Qoologic.bj : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096384.dll -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096385.dll -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096386.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096390.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096392.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096400.dll -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096401.dll -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096402.dll -> Adware.Suggestor : Cleaned with backup
C:\WINDOWS\system32\skjjn.dat -> Downloader.Qoologic.bj : Cleaned with backup
C:\WINDOWS\system32\vnrsion.dll -> Adware.Look2Me : Cleaned with backup



::Report End


Spy Sweeper


********
6:47 PM: |       Start of Session, Wednesday, March 22, 2006       |
6:47 PM: Spy Sweeper started
6:47 PM: Sweep initiated using definitions version 556
6:47 PM: Starting Memory Sweep
6:48 PM:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:48 PM:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:48 PM:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:48 PM:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:48 PM:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:48 PM:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:48 PM:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:48 PM:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:48 PM: Memory Sweep Complete, Elapsed Time: 00:01:10
6:48 PM: Starting Registry Sweep
6:48 PM:   Found Adware: cws-aboutblank
6:48 PM:   HKCR\protocols\filter\text/html\  (2 subtraces) (ID = 114343)
6:48 PM:   HKLM\software\classes\protocols\filter\text/html\  (2 subtraces) (ID = 115907)
6:48 PM:   Found Adware: media-motor
6:48 PM:   HKCR\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\  (23 subtraces) (ID = 140032)
6:48 PM:   HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\inprocserver32\  (2 subtraces) (ID = 140081)
6:48 PM:   HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\miscstatus\  (3 subtraces) (ID = 140082)
6:48 PM:   HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\progid\  (1 subtraces) (ID = 140083)
6:48 PM:   HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\toolboxbitmap32\  (1 subtraces) (ID = 140084)
6:48 PM:   HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\typelib\  (1 subtraces) (ID = 140085)
6:48 PM:   HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\version\  (1 subtraces) (ID = 140086)
6:48 PM:   HKLM\software\mm\  (1 subtraces) (ID = 140211)
6:48 PM:   Found Adware: surfsidekick
6:48 PM:   HKU\WRSS_Profile_S-1-5-21-370030131-3186773635-3883207141-500\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
6:48 PM:   HKU\WRSS_Profile_S-1-5-21-370030131-3186773635-3883207141-500\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143403)
6:48 PM: Registry Sweep Complete, Elapsed Time:00:00:12
6:48 PM: Starting Cookie Sweep
6:48 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
6:48 PM: Starting File Sweep
6:55 PM:   Warning: Invalid Stream
6:57 PM:   Warning: Invalid file - not a PKZip file
7:00 PM:   Warning: Invalid file - not a PKZip file
7:00 PM:   Warning: Invalid file - not a PKZip file
7:00 PM:   Warning: Invalid file - not a PKZip file
7:00 PM:   Warning: Invalid file - not a PKZip file
7:00 PM:   Warning: Invalid file - not a PKZip file
7:00 PM:   Warning: Invalid file - not a PKZip file
7:00 PM:   Warning: Invalid file - not a PKZip file
7:00 PM: File Sweep Complete, Elapsed Time: 00:11:55
7:00 PM: Full Sweep has completed.  Elapsed time 00:13:18
7:00 PM: Traces Found: 49
7:09 PM: Removal process initiated
7:09 PM:   Quarantining All Traces: cws-aboutblank
7:09 PM:   Quarantining All Traces: media-motor
7:09 PM:   Quarantining All Traces: surfsidekick
7:09 PM: Removal process completed.  Elapsed time 00:00:01
********
6:39 PM: |       Start of Session, Wednesday, March 22, 2006       |
6:39 PM: Spy Sweeper started
6:39 PM: Sweep initiated using definitions version 556
6:39 PM: Starting Memory Sweep
6:39 PM:   The Spy Communication shield has blocked access to: dl.web-nexus.net
6:39 PM:   The Spy Communication shield has blocked access to: dl.web-nexus.net
6:39 PM:   The Spy Communication shield has blocked access to: dl.web-nexus.net
6:39 PM:   The Spy Communication shield has blocked access to: dl.web-nexus.net
6:39 PM:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:39 PM:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:39 PM:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:39 PM:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:39 PM:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:39 PM:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
6:39 PM:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:39 PM:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
6:40 PM: Memory Sweep Complete, Elapsed Time: 00:01:38
6:40 PM: Starting Registry Sweep
6:40 PM:   Found Adware: cws-aboutblank
6:40 PM:   HKCR\protocols\filter\text/html\  (2 subtraces) (ID = 114343)
6:40 PM:   HKLM\software\classes\protocols\filter\text/html\  (2 subtraces) (ID = 115907)
6:40 PM:   Found Adware: media-motor
6:40 PM:   HKCR\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\  (23 subtraces) (ID = 140032)
6:40 PM:   HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\inprocserver32\  (2 subtraces) (ID = 140081)
6:40 PM:   HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\miscstatus\  (3 subtraces) (ID = 140082)
6:40 PM:   HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\progid\  (1 subtraces) (ID = 140083)
6:40 PM:   HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\toolboxbitmap32\  (1 subtraces) (ID = 140084)
6:40 PM:   HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\typelib\  (1 subtraces) (ID = 140085)
6:40 PM:   HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\version\  (1 subtraces) (ID = 140086)
6:40 PM:   HKLM\software\mm\  (1 subtraces) (ID = 140211)
6:40 PM:   Found Adware: surfsidekick
6:40 PM:   HKU\WRSS_Profile_S-1-5-21-370030131-3186773635-3883207141-500\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
6:40 PM:   HKU\WRSS_Profile_S-1-5-21-370030131-3186773635-3883207141-500\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143403)
6:40 PM: Registry Sweep Complete, Elapsed Time:00:00:11
6:40 PM: Starting Cookie Sweep
6:40 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
6:40 PM: Starting File Sweep
6:43 PM: File Sweep Complete, Elapsed Time: 00:02:47
6:43 PM: Full Sweep has completed.  Elapsed time 00:04:37
6:43 PM: Traces Found: 49
6:47 PM: |       End of Session, Wednesday, March 22, 2006       |
********
6:37 PM: |       Start of Session, Wednesday, March 22, 2006       |
6:37 PM: Spy Sweeper started
6:38 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
6:39 PM: |       End of Session, Wednesday, March 22, 2006       |

Edited by happygeek: fixed formatting

0

And newest HJT:

Logfile of HijackThis v1.99.1
Scan saved at 7:19:13 PM, on 3/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\system32\ewljb.exe
C:\WINDOWS\system32\rundll32.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bestbuy.com/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ewljb.exe
F2 - REG:system.ini: UserInit=userinit.exe,orsnlfi.exe
O2 - BHO: Yvakt Class - {DAAC59E5-093D-4D24-A105-55BFE4ACDE14} - C:\WINDOWS\system32\w9seq.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [q8lg] "C:\WINDOWS\system32\slk8x2peu.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.com
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.slehc.org/Autodesk/mgaxctrl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O18 - Protocol: bw+0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\k6pmlg7116.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

0

OH! Two last things
1. Thank you very much for taking the time to help me with this. My computer holds a lot of great memories for my family, and it would be a sad day if I lost it.

2. A pop-up keeps appearing that says:
"An exception occured while trying to run ""C:\WINDOWS\system32\guard.tmp",DllGetVersion"

Does that mean anything important other than "Hey lookie me!"?

0

Unusual! Never seen Spysweeper not completely get Look2Me - must be a new variant, or something blocked the fix..

There are still several things we need to do based on your log...

Do you use Logitech Desktop Messenger? If not, uninstall it through Add/Remove Programs.

Please go here ---> About:Buster 6.0 Tutorial
-Follow the instructions to run About:Buster
-Be sure to run it in Safe Mode
-Run it TWICE as per the instructions
-Save the logs as ab1.txt and ab2.txt

Now Reboot back to Normal Mode...

Please download and EXTRACT QoologicFinder2 to its own folder - C:\Program Files\QoologicFinder . Then, DoubleClick Find-Qoologic.bat to run the tool. It should produce 2 logs - Please attach BOTH with your next post!

Please go to this link and follow the instructions to scan with WinPFind by OldTimer.
Please save and attach the WinPFind Log for us.

Please download Look2Me-Destroyer.exe to your desktop.
-Close all windows before continuing.
-Double-click Look2Me-Destroyer.exe to run it.
-Put a check next to Run this program as a task.
-You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
-When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
-Once it's done scanning, click the Remove L2M button.
-You will receive a Done Scanning message, click OK.
-When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shutdown.

Turn your computer back on.
Please post the contents of C:\Look2Me-Destroyer.txt

When you return I need the following logs
-Both About:Buster logs
-WinPFind log
-Both Qoologic logs
-Look2Me log
-New HijackThis log

After this we will try and clean up what's in the log :)
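
Added example, not part of the original thread and not code from HijackThis or any tool named here: a small Python triage pass over HijackThis log lines of the kind posted above. The function names and the three finding labels are made up for illustration, and the sample lines are copied from the log in this thread; a finding is something to verify by hand, not a verdict.

```python
import ntpath
import re

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ewljb.exe
F2 - REG:system.ini: UserInit=userinit.exe,orsnlfi.exe
O4 - HKLM\..\Run: [q8lg] "C:\WINDOWS\system32\slk8x2peu.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\k6pmlg7116.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# "<section> - <rest>", e.g. "O20 - Winlogon Notify: ..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# F2 lines report the Winlogon Shell and UserInit values.
F2_RE = re.compile(r"REG:system\.ini: (Shell|UserInit)=(.*)", re.IGNORECASE)
# The program each value names on a clean Windows XP install.
F2_DEFAULTS = {"shell": "explorer.exe", "userinit": "userinit.exe"}
# First drive-letter path ending in .exe or .dll, with or without quotes.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll))"?', re.IGNORECASE)


def parse_entries(text):
    """Return (section, body) pairs for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def in_system32(path):
    """True when the file sits directly in a system32 folder, not a subfolder."""
    return ntpath.dirname(path).lower().endswith("\\system32")


def triage(text):
    """Return (section, label, detail) tuples for entries worth a manual look."""
    findings = []
    for section, body in parse_entries(text):
        if section == "F2":
            match = F2_RE.search(body)
            if match:
                default = F2_DEFAULTS[match.group(1).lower()]
                # Anything listed beside the default program also starts at logon.
                # Only the file name is compared, so a look-alike file in another
                # folder is not caught by this check.
                for part in match.group(2).split(","):
                    part = part.strip()
                    if part and ntpath.basename(part).lower() != default:
                        findings.append((section, "extra-winlogon-program", part))
            continue
        path = PATH_RE.search(body)
        if body.endswith("(file missing)"):
            # Registry entry is left behind but the file it points to is gone.
            detail = path.group(1) if path else body
            findings.append((section, "orphaned-entry", detail))
        elif section in ("O4", "O20") and path and in_system32(path.group(1)):
            # Run keys and Winlogon Notify DLLs loading straight from system32:
            # legitimate software does this too, so check the publisher.
            findings.append((section, "autostart-in-system32", path.group(1)))
    return findings


if __name__ == "__main__":
    for section, label, detail in triage(SAMPLE_LOG):
        print(f"{section:<4}{label:<26}{detail}")
```

Note that WRLogonNTF.dll is reported alongside k6pmlg7116.dll: it sits in the Spy Sweeper install this log also shows, which is why each flagged item still needs a person to check it.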

0

Okie, I uninstalled the Logitech messenger. Never used it, it appeared after I got a new keyboard and mouse.

On to round 2!

First, the about buster1:
AboutBuster 6.01
Scan started on [3/22/2006] at [9:56:58 PM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
No Ads Found!
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 9:57:38 PM



And buster2:
AboutBuster 6.01
Scan started on [3/22/2006] at [9:59:13 PM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
No Ads Found!
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 9:59:18 PM



Now for Win PF:
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.


If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.


»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP    Current Build: Service Pack 2    Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180


»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»


Checking %SystemDrive% folder...
UPX!                 3/20/2006 3:39:08 AM        253952     C:\302.exe
UPX!                 3/20/2006 3:39:24 AM        601088     C:\315502.exe


Checking %ProgramFilesDir% folder...
UPX!                 3/29/2002 9:20:40 PM        55808      C:\Program Files\Key-generator 5590.exe


Checking %WinDir% folder...
UPX!                 3/18/2005 5:54:00 AM        43391      C:\WINDOWS\browser.exe
UPX!                 3/10/2004 9:11:46 PM        97800218   C:\WINDOWS\Dragon Pink - 01.asf
PEC2                 3/10/2004 9:11:46 PM        97800218   C:\WINDOWS\Dragon Pink - 01.asf


Checking %System% folder...
aspack               3/18/2005 4:19:58 PM        2337488    C:\WINDOWS\SYSTEM32\d3dx9_25.dll
PEC2                 8/4/2004 1:00:00 AM         41397      C:\WINDOWS\SYSTEM32\dfrg.msc
WinShutDown          3/22/2006 6:35:56 PM    R S 235562     C:\WINDOWS\SYSTEM32\hr0205doe.dll
ad-w-a-r-e.com       3/22/2006 6:35:56 PM    R S 235562     C:\WINDOWS\SYSTEM32\hr0205doe.dll
WinShutDown          3/22/2006 9:46:32 PM    R S 236079     C:\WINDOWS\SYSTEM32\ktdycc.dll
ad-w-a-r-e.com       3/22/2006 9:46:32 PM    R S 236079     C:\WINDOWS\SYSTEM32\ktdycc.dll
PECompact2           3/9/2006 6:10:36 PM         4799320    C:\WINDOWS\SYSTEM32\MRT.exe
aspack               3/9/2006 6:10:36 PM         4799320    C:\WINDOWS\SYSTEM32\MRT.exe
aspack               8/4/2004 1:00:00 AM         708096     C:\WINDOWS\SYSTEM32\ntdll.dll
WinShutDown          3/22/2006 6:39:58 PM    R S 235357     C:\WINDOWS\SYSTEM32\o6660gjse6o60.dll
ad-w-a-r-e.com       3/22/2006 6:39:58 PM    R S 235357     C:\WINDOWS\SYSTEM32\o6660gjse6o60.dll
Umonitor             8/4/2004 1:00:00 AM         657920     C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync              8/4/2004 1:00:00 AM         1309184    C:\WINDOWS\SYSTEM32\wbdbase.deu
69.59.186.63         3/22/2006 9:48:50 PM        51712      C:\WINDOWS\SYSTEM32\__delete_on_reboot__tuugsht.dll
209.66.67.134        3/22/2006 9:48:50 PM        51712      C:\WINDOWS\SYSTEM32\__delete_on_reboot__tuugsht.dll
web-nex              3/22/2006 9:48:50 PM        51712      C:\WINDOWS\SYSTEM32\__delete_on_reboot__tuugsht.dll


Checking %System%\Drivers folder and sub-folders...


Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
127.0.0.1  www.qoologic.com
127.0.0.1  www.urllogic.com



Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
3/22/2006 10:00:30 PM     S 2048       C:\WINDOWS\bootstat.dat
3/22/2006 9:59:52 PM    R S 235357     C:\WINDOWS\system32\dnl8013ue.dll
3/22/2006 6:35:56 PM    R S 235562     C:\WINDOWS\system32\hr0205doe.dll
3/22/2006 9:46:32 PM    R S 236079     C:\WINDOWS\system32\ktdycc.dll
3/22/2006 10:00:40 PM   R S 237331     C:\WINDOWS\system32\mgrating.dll
3/22/2006 6:39:58 PM    R S 235357     C:\WINDOWS\system32\o6660gjse6o60.dll
3/22/2006 9:55:50 PM    R S 237331     C:\WINDOWS\system32\s4pule791h.dll
3/22/2006 10:01:52 PM    H  35864      C:\WINDOWS\system32\vsconfig.xml
3/22/2006 10:18:32 PM    H  1024       C:\WINDOWS\system32\config\default.LOG
3/22/2006 10:00:36 PM    H  1024       C:\WINDOWS\system32\config\SAM.LOG
3/22/2006 10:02:10 PM    H  1024       C:\WINDOWS\system32\config\SECURITY.LOG
3/22/2006 10:18:32 PM    H  1024       C:\WINDOWS\system32\config\software.LOG
3/22/2006 10:19:18 PM    H  1024       C:\WINDOWS\system32\config\system.LOG
3/15/2006 3:00:32 AM     H  1024       C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
3/22/2006 2:32:46 PM      S 21601      C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\486CC6AFD08942336C61FCD401C4A1D1
3/22/2006 2:32:44 PM      S 408        C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\74BFD122C0875EC75DBE5C6DB4C59019
3/22/2006 2:32:46 PM      S 120        C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\486CC6AFD08942336C61FCD401C4A1D1
3/22/2006 2:32:44 PM      S 124        C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\74BFD122C0875EC75DBE5C6DB4C59019
3/19/2006 9:02:22 PM     HS 388        C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\2fd2bd0a-b372-4d01-bf57-ead521f848f1
3/19/2006 9:02:22 PM     HS 24         C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
3/22/2006 10:00:48 PM    H  6          C:\WINDOWS\Tasks\SA.DAT
3/22/2006 5:06:28 PM     HS 113        C:\WINDOWS\Temp\History\History.IE5\desktop.ini
3/22/2006 5:06:28 PM     HS 67         C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini


Checking for CPL files...
Microsoft Corporation          8/4/2004 1:00:00 AM         68608      C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp.    5/14/2004 8:26:34 PM        14268928   C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation          8/4/2004 1:00:00 AM         549888     C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         110592     C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         135168     C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         80384      C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         155136     C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation              6/21/2005 3:46:18 PM        94208      C:\WINDOWS\SYSTEM32\igfxcpl.cpl
9/28/2005 7:37:44 PM        53248      C:\WINDOWS\SYSTEM32\ImageDrive.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         358400     C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         129536     C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         380416     C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         68608      C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc.         11/10/2005 1:03:50 PM       49265      C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         187904     C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         618496     C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         35840      C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         25600      C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         257024     C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         32768      C:\WINDOWS\SYSTEM32\odbccp32.cpl
Squid Software OÜ              6/11/2005 10:17:54 PM       77312      C:\WINDOWS\SYSTEM32\P2P Networking v126.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         114688     C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         298496     C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         28160      C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         94208      C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         148480     C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation          5/26/2005 3:16:30 AM        174360     C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation          5/26/2005 3:16:30 AM        174360     C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Intel Corporation              2/10/2004 6:53:24 PM        94208      C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\igfxcpl.cpl


»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»


Checking files in %ALLUSERSPROFILE%\Startup folder...
9/28/2005 7:23:54 PM        1018       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
9/17/2004 1:20:52 PM     HS 84         C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
3/21/2006 4:44:02 PM        127488     C:\Documents and Settings\All Users\Start Menu\Programs\Startup\fuhgh.exe
9/28/2005 7:16:26 PM        1762       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
9/27/2005 5:32:56 PM        1785       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk


Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/17/2004 8:10:44 AM     HS 62         C:\Documents and Settings\All Users\Application Data\desktop.ini


Checking files in %USERPROFILE%\Startup folder...
9/17/2004 1:20:52 PM     HS 84         C:\Documents and Settings\Mikey\Start Menu\Programs\Startup\desktop.ini


Checking files in %USERPROFILE%\Application Data folder...
9/17/2004 8:10:44 AM     HS 62         C:\Documents and Settings\Mikey\Application Data\desktop.ini
3/22/2006 2:47:38 PM        30048      C:\Documents and Settings\Mikey\Application Data\GDIPFONTCACHEV1.DAT


»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{6EF8FABF-2A9E-437D-A13A-0860CE2209BD}   = C:\WINDOWS\system32\dcwave.dll
{F4548148-DC96-4FA1-B4C7-88A89715580B}   = C:\WINDOWS\system32\vnrsion.dll
{5B56CF96-6A79-49AC-8C63-485540C97188}   = C:\WINDOWS\system32\rvoc3260.dll
{8D78E43F-6265-4451-A8D3-A2D17C057CC4}   = C:\WINDOWS\system32\mgrating.dll


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]


[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}   = C:\Program Files\ewido anti-malware\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}   = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}   = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}   = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}   = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA}   = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499}   = C:\Program Files\Yahoo!\common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin   = %SystemRoot%\system32\SHELL32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B}   = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}   = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\UnlockerShellExtension
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}   = C:\Program Files\Unlocker\UnlockerCOM.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA}   = C:\Program Files\WinRAR\rarext.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}   = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}   = C:\Program Files\ewido anti-malware\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}   = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}   = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA}   = C:\Program Files\WinRAR\rarext.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{CE3A44D8-BC88-4D62-A890-42D96245F8D6}
= C:\WINDOWS\system32\dmonwv.dll


[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DAAC59E5-093D-4D24-A105-55BFE4ACDE14}
Yvakt Class = C:\WINDOWS\system32\w9seq.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}   = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88}   = &Yahoo! Companion    : C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText     = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2499216C-4BA5-11D5-BD9C-000103C116D5}
ButtonText   = Yahoo! Login :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText   = Messenger    :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4ABF810A-F11D-4169-9D5F-7D274F2270A1}
MenuText     = Java :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText   = AIM  : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText   = Messenger    : C:\Program Files\Messenger\msmsgs.exe


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\system32\shdocvw.dll


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus   : C:\Program Files\Norton AntiVirus\NavShExt.dll
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{F5735C15-1FB2-41FE-BA12-242757E69DDE} =    :
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus   : C:\Program Files\Norton AntiVirus\NavShExt.dll
{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} =    :
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Companion  : C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
q8lg    "C:\WINDOWS\system32\slk8x2peu.exe"
UnlockerAssistant   C:\Program Files\Unlocker\UnlockerAssistant.exe
SpySweeper  "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
meywbw  C:\WINDOWS\system32\nnufby.exe reg_run


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
jbgyc   C:\WINDOWS\system32\nnufby.exe reg_run
ctfmon.exe  C:\WINDOWS\system32\ctfmon.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey    HKLM
command
inimapping  0



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    hkcmd
hkey    HKLM
command C:\WINDOWS\system32\hkcmd.exe
inimapping  0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    hkcmd
hkey    HKLM
command C:\WINDOWS\system32\hkcmd.exe
inimapping  0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    igfxtray
hkey    HKLM
command C:\WINDOWS\system32\igfxtray.exe
inimapping  0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    igfxtray
hkey    HKLM
command C:\WINDOWS\system32\igfxtray.exe
inimapping  0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KAZAA
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    kazaa
hkey    HKLM
command C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
inimapping  0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    kazaa
hkey    HKLM
command C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
inimapping  0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LDM
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey    HKCU
command \Program\
inimapping  0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey    HKCU
command \Program\
inimapping  0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NetZero_uoltray
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    exec
hkey    HKCU
command C:\Program Files\NetZero\exec.exe regrun
inimapping  0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    exec
hkey    HKCU
command C:\Program Files\NetZero\exec.exe regrun
inimapping  0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\P2P Networking
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    P2P Networking
hkey    HKLM
command C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
inimapping  0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    P2P Networking
hkey    HKLM
command C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
inimapping  0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    PDVDServ
hkey    HKLM
command "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
inimapping  0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    PDVDServ
hkey    HKLM
command "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
inimapping  0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\spc_w
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    nzspc
hkey    HKCU
command "C:\Program Files\NZSearch\nzspc.exe" -w
inimapping  0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item    nzspc
hkey    HKCU
command "C:\Program Files\NZSearch\nzspc.exe" -w
inimapping  0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini  0
win.ini 0
bootini 0
services    0
startup 2



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon    1
undockwithoutlogon  1



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun  145


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
dspimd  C:\WINDOWS\system32\dspimd.exe



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder                {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn                          {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck                        {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray                         {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit    = userinit.exe,orsnlfi.exe
Shell       = Explorer.exe, C:\WINDOWS\system32\ewljb.exe
System      =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IPConfTSP
= C:\WINDOWS\system32\s4pule791h.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
= WRLogonNTF.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs



»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 3/22/2006 10:19:34 PM



Qoologic gave bad links, I couldn't find that one I'm afraid.


Look2Me-Destroyer Log:
Look2Me-Destroyer V1.0.11


Scanning for infected files.....
Scan started at 3/22/2006 10:38:11 PM


Infected! C:\WINDOWS\system32\s4pule791h.dll
Infected! C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096741.dll
Infected! C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096744.dll
Infected! C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0097743.dll
Infected! C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098750.dll
Infected! C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098761.dll
Infected! C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098768.dll
Infected! C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098772.dll
Infected! C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098776.dll
Infected! C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098787.dll
Infected! C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098792.dll
Infected! C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098806.dll
Infected! C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098814.dll
Infected! C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098818.dll
Infected! C:\WINDOWS\system32\dnl8013ue.dll
Infected! C:\WINDOWS\system32\hr0205doe.dll
Infected! C:\WINDOWS\system32\ktdycc.dll
Infected! C:\WINDOWS\system32\mgrating.dll
Infected! C:\WINDOWS\system32\o6660gjse6o60.dll
Infected! C:\WINDOWS\system32\s4pule791h.dll


Attempting to delete infected files...


Attempting to delete: C:\WINDOWS\system32\s4pule791h.dll
C:\WINDOWS\system32\s4pule791h.dll Deleted successfully!


Attempting to delete: C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096741.dll
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096741.dll Deleted successfully!


Attempting to delete: C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096744.dll
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP432\A0096744.dll Deleted successfully!


Attempting to delete: C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0097743.dll
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0097743.dll Deleted successfully!


Attempting to delete: C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098750.dll
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098750.dll Deleted successfully!


Attempting to delete: C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098761.dll
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098761.dll Deleted successfully!


Attempting to delete: C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098768.dll
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098768.dll Deleted successfully!


Attempting to delete: C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098772.dll
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098772.dll Deleted successfully!


Attempting to delete: C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098776.dll
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098776.dll Deleted successfully!


Attempting to delete: C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098787.dll
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098787.dll Deleted successfully!


Attempting to delete: C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098792.dll
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098792.dll Deleted successfully!


Attempting to delete: C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098806.dll
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098806.dll Deleted successfully!


Attempting to delete: C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098814.dll
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098814.dll Deleted successfully!


Attempting to delete: C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098818.dll
C:\System Volume Information\_restore{08FE06DE-74FB-43B7-BD26-497583CBFE3A}\RP434\A0098818.dll Deleted successfully!


Attempting to delete: C:\WINDOWS\system32\dnl8013ue.dll
C:\WINDOWS\system32\dnl8013ue.dll Deleted successfully!


Attempting to delete: C:\WINDOWS\system32\hr0205doe.dll
C:\WINDOWS\system32\hr0205doe.dll Deleted successfully!


Attempting to delete: C:\WINDOWS\system32\ktdycc.dll
C:\WINDOWS\system32\ktdycc.dll Deleted successfully!


Attempting to delete: C:\WINDOWS\system32\mgrating.dll
C:\WINDOWS\system32\mgrating.dll Deleted successfully!


Attempting to delete: C:\WINDOWS\system32\o6660gjse6o60.dll
C:\WINDOWS\system32\o6660gjse6o60.dll Deleted successfully!


Attempting to delete: C:\WINDOWS\system32\s4pule791h.dll
C:\WINDOWS\system32\s4pule791h.dll Deleted successfully!


Making registry repairs.


Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IPConfTSP


Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{6EF8FABF-2A9E-437D-A13A-0860CE2209BD}"
HKCR\Clsid\{6EF8FABF-2A9E-437D-A13A-0860CE2209BD}


Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{F4548148-DC96-4FA1-B4C7-88A89715580B}"
HKCR\Clsid\{F4548148-DC96-4FA1-B4C7-88A89715580B}


Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5B56CF96-6A79-49AC-8C63-485540C97188}"
HKCR\Clsid\{5B56CF96-6A79-49AC-8C63-485540C97188}


Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{8D78E43F-6265-4451-A8D3-A2D17C057CC4}"
HKCR\Clsid\{8D78E43F-6265-4451-A8D3-A2D17C057CC4}


Restoring Windows certificates.


Replaced hosts file with default windows hosts file



Restoring SeDebugPrivilege for Administrators - Succeeded

Edited by happygeek: fixed formatting

0

And the most recent HJT:

Logfile of HijackThis v1.99.1
Scan saved at 10:46:36 PM, on 3/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\slk8x2peu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bestbuy.com/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ewljb.exe
F2 - REG:system.ini: UserInit=userinit.exe,orsnlfi.exe
O2 - BHO: Yvakt Class - {DAAC59E5-093D-4D24-A105-55BFE4ACDE14} - C:\WINDOWS\system32\w9seq.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [q8lg] "C:\WINDOWS\system32\slk8x2peu.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.com
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.slehc.org/Autodesk/mgaxctrl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O18 - Protocol: bw+0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\system32\w9seq.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


There we go. Lemme know what else you might need, and thank you again

0

Alright. It doesn't appear Logitech Desktop Messenger was uninstalled correctly because the O18 entries would be gone.

Go to Start>Control Panel>Add/Remove Programs
-Choose Logitech Desktop Messenger
-Click Change/Remove

Now open HijackThis
-Choose Open Misc Tools
-Choose Process Manager
-Locate C:\WINDOWS\system32\slk8x2peu.exe
-Choose Kill Task

Now scan with HijackThis and place a check next to the following

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ewljb.exe
F2 - REG:system.ini: UserInit=userinit.exe,orsnlfi.exe
O2 - BHO: Yvakt Class - {DAAC59E5-093D-4D24-A105-55BFE4ACDE14} - C:\WINDOWS\system32\w9seq.dll
O4 - HKLM\..\Run: [q8lg] "C:\WINDOWS\system32\slk8x2peu.exe"
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://free.aol.com
O18 - Protocol: bw+0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\system32\w9seq.dll

Now with ALL Browsers closed, choose Fix Checked

Now open Pocket Killbox
-Copy and Paste the following into the box one by one
-Choose Delete on Reboot and unregister dll options
-Do Not reboot until all have been entered

C:\WINDOWS\system32\w9seq.dll
C:\WINDOWS\system32\ewljb.exe
C:\WINDOWS\system32\orsnlfi.exe
C:\WINDOWS\system32\slk8x2peu.exe

After the last one is entered choose YES to reboot. If you receive an error, please reboot manually.

Afterwards please attach a new HijackThis log and a new WinPFind log.

Hang in there ;)
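An added example (not part of the original posts and not HijackThis's own code) that triages the kind of entries the reply above asks to fix: it parses log lines copied from this thread and reports the extra programs in the F2 Shell/UserInit values, which O18 names map to each handler DLL, files hooked from more than one section, and entries marked "(file missing)". All function names are hypothetical, and the expected Shell/UserInit programs are assumed to be the Windows XP defaults.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules on any host OS

# Lines copied from the HijackThis log in this thread (a subset of the entries).
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ewljb.exe
F2 - REG:system.ini: UserInit=userinit.exe,orsnlfi.exe
O2 - BHO: Yvakt Class - {DAAC59E5-093D-4D24-A105-55BFE4ACDE14} - C:\WINDOWS\system32\w9seq.dll
O4 - HKLM\..\Run: [q8lg] "C:\WINDOWS\system32\slk8x2peu.exe"
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O18 - Protocol: bw+0 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {70BD2135-817E-461E-BA9D-D24917A38585} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\system32\w9seq.dll
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
F2_RE = re.compile(r"^REG:system\.ini: (Shell|UserInit)=(.*)$", re.IGNORECASE)
O18_RE = re.compile(r"^(?:Protocol|Filter): (\S+) - \{[0-9A-Fa-f-]+\} - (.+)$")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"<>|]+?\.(?:dll|exe)", re.IGNORECASE)
# Assumption: the only program a clean Windows XP install lists in each value.
EXPECTED = {"shell": "explorer.exe", "userinit": "userinit.exe"}


def parse_log(text):
    """Return (section_code, body) for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def extra_winlogon_programs(entries):
    """F2 lines: programs in Shell=/UserInit= beyond the expected one."""
    extras = {}
    for code, body in entries:
        m = F2_RE.match(body) if code == "F2" else None
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        items = [p.strip() for p in value.split(",") if p.strip()]
        extras[key] = [p for p in items
                       if basename(p).lower() != EXPECTED[key.lower()]]
    return extras


def o18_names_by_dll(entries):
    """O18 lines: protocol/filter names grouped by the handler DLL behind them."""
    groups = defaultdict(list)
    for code, body in entries:
        m = O18_RE.match(body) if code == "O18" else None
        if m:
            dll = m.group(2).replace("(file missing)", "").strip().strip('"')
            groups[dll].append(m.group(1))
    return dict(groups)


def files_with_multiple_hooks(entries):
    """Files referenced from more than one HijackThis section (e.g. O2 and O18)."""
    codes = defaultdict(set)
    for code, body in entries:
        m = PATH_RE.search(body)
        if m:
            codes[m.group(0).lower()].add(code)
    return {path: sorted(c) for path, c in codes.items() if len(c) > 1}


def missing_files(entries):
    """Entries HijackThis marked '(file missing)': registry data left behind."""
    return [(code, body) for code, body in entries
            if body.endswith("(file missing)")]


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    print(extra_winlogon_programs(log))
    for dll, names in o18_names_by_dll(log).items():
        print(len(names), "O18 name(s) ->", dll)
    print(files_with_multiple_hooks(log))
    print(missing_files(log))
```

Grouping the O18 lines by DLL shows that the long run of `bw*` protocols comes from a single leftover handler, and the multi-hook check shows `w9seq.dll` registered both as a BHO and as the `text/html` filter.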

0

Okie, did what you said, and here's the results

Winp:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP    Current Build: Service Pack 2    Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
UPX!                 3/20/2006 3:39:08 AM        253952     C:\302.exe
UPX!                 3/20/2006 3:39:24 AM        601088     C:\315502.exe

Checking %ProgramFilesDir% folder...
UPX!                 3/29/2002 9:20:40 PM        55808      C:\Program Files\Key-generator 5590.exe

Checking %WinDir% folder...
UPX!                 3/18/2005 5:54:00 AM        43391      C:\WINDOWS\browser.exe
UPX!                 3/10/2004 9:11:46 PM        97800218   C:\WINDOWS\Dragon Pink - 01.asf
PEC2                 3/10/2004 9:11:46 PM        97800218   C:\WINDOWS\Dragon Pink - 01.asf

Checking %System% folder...
aspack               3/18/2005 4:19:58 PM        2337488    C:\WINDOWS\SYSTEM32\d3dx9_25.dll
PEC2                 8/4/2004 1:00:00 AM         41397      C:\WINDOWS\SYSTEM32\dfrg.msc
PECompact2           3/9/2006 6:10:36 PM         4799320    C:\WINDOWS\SYSTEM32\MRT.exe
aspack               3/9/2006 6:10:36 PM         4799320    C:\WINDOWS\SYSTEM32\MRT.exe
aspack               8/4/2004 1:00:00 AM         708096     C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor             8/4/2004 1:00:00 AM         657920     C:\WINDOWS\SYSTEM32\rasdlg.dll
69.59.186.63         3/23/2006 3:47:22 PM        51712      C:\WINDOWS\SYSTEM32\tuugsht.dll
209.66.67.134        3/23/2006 3:47:22 PM        51712      C:\WINDOWS\SYSTEM32\tuugsht.dll
web-nex              3/23/2006 3:47:22 PM        51712      C:\WINDOWS\SYSTEM32\tuugsht.dll
winsync              8/4/2004 1:00:00 AM         1309184    C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
                     3/23/2006 4:34:44 PM      S 2048       C:\WINDOWS\bootstat.dat
                     3/23/2006 4:36:20 PM     H  35864      C:\WINDOWS\system32\vsconfig.xml
                     3/23/2006 4:37:46 PM     H  1024       C:\WINDOWS\system32\config\default.LOG
                     3/23/2006 4:34:50 PM     H  1024       C:\WINDOWS\system32\config\SAM.LOG
                     3/23/2006 4:36:16 PM     H  1024       C:\WINDOWS\system32\config\SECURITY.LOG
                     3/23/2006 4:53:08 PM     H  1024       C:\WINDOWS\system32\config\software.LOG
                     3/23/2006 4:37:56 PM     H  1024       C:\WINDOWS\system32\config\system.LOG
                     3/15/2006 3:00:32 AM     H  1024       C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
                     3/22/2006 2:32:46 PM      S 21601      C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\486CC6AFD08942336C61FCD401C4A1D1
                     3/22/2006 2:32:44 PM      S 408        C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\74BFD122C0875EC75DBE5C6DB4C59019
                     3/22/2006 2:32:46 PM      S 120        C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\486CC6AFD08942336C61FCD401C4A1D1
                     3/22/2006 2:32:44 PM      S 124        C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\74BFD122C0875EC75DBE5C6DB4C59019
                     3/19/2006 9:02:22 PM     HS 388        C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\2fd2bd0a-b372-4d01-bf57-ead521f848f1
                     3/19/2006 9:02:22 PM     HS 24         C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
                     3/23/2006 4:35:00 PM     H  6          C:\WINDOWS\Tasks\SA.DAT
                     3/22/2006 5:06:28 PM     HS 113        C:\WINDOWS\Temp\History\History.IE5\desktop.ini
                     3/22/2006 5:06:28 PM     HS 67         C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini

Checking for CPL files...
Microsoft Corporation          8/4/2004 1:00:00 AM         68608      C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp.    5/14/2004 8:26:34 PM        14268928   C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation          8/4/2004 1:00:00 AM         549888     C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         110592     C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         135168     C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         80384      C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         155136     C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation              6/21/2005 3:46:18 PM        94208      C:\WINDOWS\SYSTEM32\igfxcpl.cpl
                               9/28/2005 7:37:44 PM        53248      C:\WINDOWS\SYSTEM32\ImageDrive.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         358400     C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         129536     C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         380416     C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         68608      C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc.         11/10/2005 1:03:50 PM       49265      C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         187904     C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         618496     C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         35840      C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         25600      C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         257024     C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         32768      C:\WINDOWS\SYSTEM32\odbccp32.cpl
Squid Software OÜ              6/11/2005 10:17:54 PM       77312      C:\WINDOWS\SYSTEM32\P2P Networking v126.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         114688     C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         298496     C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         28160      C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         94208      C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         148480     C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation          5/26/2005 3:16:30 AM        174360     C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation          5/26/2005 3:16:30 AM        174360     C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Intel Corporation              2/10/2004 6:53:24 PM        94208      C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\igfxcpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
                     9/28/2005 7:23:54 PM        1018       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
                     9/17/2004 1:20:52 PM     HS 84         C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
                     9/28/2005 7:16:26 PM        1762       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
                     9/27/2005 5:32:56 PM        1785       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
                     9/17/2004 8:10:44 AM     HS 62         C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
                     9/17/2004 1:20:52 PM     HS 84         C:\Documents and Settings\Mikey\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
                     9/17/2004 8:10:44 AM     HS 62         C:\Documents and Settings\Mikey\Application Data\desktop.ini
                     3/22/2006 2:47:38 PM        30048      C:\Documents and Settings\Mikey\Application Data\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    sv1  = 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
    {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}   = C:\Program Files\ewido anti-malware\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03}   = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
    {09799AFB-AD67-11d1-ABCD-00C04FC30936}   = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46}   = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
    {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}   = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}   = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
    {5464D816-CF16-4784-B9F3-75C0DB52B499}   = C:\Program Files\Yahoo!\common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
    Start Menu Pin   = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
    {7C9D5882-CB4A-4090-96C8-430BFE8B795B}   = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
    {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}   = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\UnlockerShellExtension
    {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}   = C:\Program Files\Unlocker\UnlockerCOM.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}   = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46}   = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
    {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}   = C:\Program Files\ewido anti-malware\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03}   = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
    {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}   = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}   = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
     = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
     = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
     = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
     = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{CE3A44D8-BC88-4D62-A890-42D96245F8D6}
     = C:\WINDOWS\system32\dmonwv.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
    &Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
    &Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}   = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
    {EF99BD32-C1FB-11D2-892F-0090271D4F88}   = &Yahoo! Companion    : C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    MenuText     = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2499216C-4BA5-11D5-BD9C-000103C116D5}
    ButtonText   = Yahoo! Login : 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
    ButtonText   = Messenger    : 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
    ButtonText   = AIM  : C:\Program Files\AIM\aim.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
    &Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
    File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
    Explorer Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus   : C:\Program Files\Norton AntiVirus\NavShExt.dll
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\system32\browseui.dll
    {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
    {F5735C15-1FB2-41FE-BA12-242757E69DDE} =    : 
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus   : C:\Program Files\Norton AntiVirus\NavShExt.dll
    {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} =    : 
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Companion  : C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    UnlockerAssistant   C:\Program Files\Unlocker\UnlockerAssistant.exe
    SpySweeper  "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    jbgyc   C:\WINDOWS\system32\nnufby.exe reg_run
    ctfmon.exe  C:\WINDOWS\system32\ctfmon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    
    hkey    HKLM
    command 
    inimapping  0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    hkcmd
    hkey    HKLM
    command C:\WINDOWS\system32\hkcmd.exe
    inimapping  0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    hkcmd
    hkey    HKLM
    command C:\WINDOWS\system32\hkcmd.exe
    inimapping  0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    igfxtray
    hkey    HKLM
    command C:\WINDOWS\system32\igfxtray.exe
    inimapping  0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    igfxtray
    hkey    HKLM
    command C:\WINDOWS\system32\igfxtray.exe
    inimapping  0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KAZAA
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    kazaa
    hkey    HKLM
    command C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
    inimapping  0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    kazaa
    hkey    HKLM
    command C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
    inimapping  0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LDM
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    
    hkey    HKCU
    command \Program\
    inimapping  0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    
    hkey    HKCU
    command \Program\
    inimapping  0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NetZero_uoltray
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    exec
    hkey    HKCU
    command C:\Program Files\NetZero\exec.exe regrun
    inimapping  0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    exec
    hkey    HKCU
    command C:\Program Files\NetZero\exec.exe regrun
    inimapping  0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\P2P Networking
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    P2P Networking
    hkey    HKLM
    command C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
    inimapping  0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    P2P Networking
    hkey    HKLM
    command C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
    inimapping  0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    PDVDServ
    hkey    HKLM
    command "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    inimapping  0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    PDVDServ
    hkey    HKLM
    command "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    inimapping  0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\spc_w
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    nzspc
    hkey    HKCU
    command "C:\Program Files\NZSearch\nzspc.exe" -w
    inimapping  0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    nzspc
    hkey    HKCU
    command "C:\Program Files\NZSearch\nzspc.exe" -w
    inimapping  0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
    system.ini  0
    win.ini 0
    bootini 0
    services    0
    startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
    {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
    {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = 
    {0DF44EAA-FF21-4412-828E-260A8728E7F1} = 


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    dontdisplaylastusername 0
    legalnoticecaption  
    legalnoticetext 
    shutdownwithoutlogon    1
    undockwithoutlogon  1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    NoDriveTypeAutoRun  145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    dspimd  C:\WINDOWS\system32\dspimd.exe


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    PostBootReminder                {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
    CDBurn                          {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
    WebCheck                        {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
    SysTray                         {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit    = C:\WINDOWS\SYSTEM32\Userinit.exe,orsnlfi.exe
    Shell       = Explorer.exe, C:\WINDOWS\system32\ewljb.exe
    System      = 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
     = crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
     = cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
     = cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
     = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
     = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
     = sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
     = WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
     = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
     = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
     = WRLogonNTF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
    Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLs    


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 3/23/2006 4:57:44 PM

And Hijack:

Logfile of HijackThis v1.99.1
Scan saved at 4:59:06 PM, on 3/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Hijack This\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bestbuy.com/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ewljb.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,orsnlfi.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [jbgyc] C:\WINDOWS\system32\nnufby.exe reg_run
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.slehc.org/Autodesk/mgaxctrl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Edited by mike_2000_17: Fixed formatting

0

Alright...few more things to get

First look in Add/Remove Programs and uninstall the following

Kazaa
P2P Networking
NZSearch

Now reboot to Safe Mode

While in Safe Mode do the following

Go to C:\WINDOWS\system.ini
-Open System.ini in notepad
-Delete the following in bold only

Shell=Explorer.exe, C:\WINDOWS\system32\ewljb.exe
UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,orsnlfi.exe

Now click File>Save and close Notepad

Scan with HijackThis and place a check next to the following

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ewljb.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,orsnlfi.exe
O4 - HKCU\..\Run: [jbgyc] C:\WINDOWS\system32\nnufby.exe reg_run

Now close ALL Browsers and choose FIX CHECKED

Now open Pocket Killbox
-Copy and Paste the following one by one
-Use Delete on Reboot and unregister dll
-Do not reboot until the last one has been entered

C:\WINDOWS\system32\ewljb.exe
C:\WINDOWS\SYSTEM32\orsnlfi.exe
C:\WINDOWS\system32\nnufby.exe
C:\302.exe
C:\315502.exe
C:\Program Files\Key-generator 5590.exe
C:\WINDOWS\browser.exe
C:\WINDOWS\SYSTEM32\tuugsht.dll
C:\WINDOWS\system32\dmonwv.dll
C:\WINDOWS\system32\dspimd.exe

Reboot your PC after the last has been entered.

Once again attach one of each log - if editing the system.ini doesn't get the files in question, we will have to snatch them out ;)
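The check behind the F2 lines in the steps above, as an added example that is not part of the original post: it pulls out every program appended to the Winlogon Shell and UserInit values beyond the Windows defaults, then confirms a follow-up log no longer references them. The function names are hypothetical, the sample lines are copied from the logs in this thread, and the default paths assume Windows is installed in C:\WINDOWS as it is here.

```python
import ntpath
import re

# Clean Windows XP defaults for the two Winlogon values that HijackThis
# reports as "F2 - REG:system.ini" (assumes the C:\WINDOWS install path
# seen in this thread's logs).
DEFAULTS = {
    "shell": {"explorer.exe", r"c:\windows\explorer.exe"},
    "userinit": {"userinit.exe", r"c:\windows\system32\userinit.exe"},
}

F2_RE = re.compile(r"^F2 - REG:system\.ini: (\w+)=(.*)$")


def f2_extras(log_text):
    """Return [(value_name, program), ...] for every program listed in
    Shell or UserInit that is not the Windows default for that value."""
    findings = []
    for line in log_text.splitlines():
        m = F2_RE.match(line.strip())
        if not m:
            continue
        name, value = m.group(1), m.group(2)
        allowed = DEFAULTS.get(name.lower())
        if allowed is None:
            continue
        # Both values are comma-separated lists; UserInit normally ends
        # with a trailing comma, which yields an empty last item.
        for part in value.split(","):
            prog = part.strip().strip('"')
            # Compare the whole entry, not just the file name, so a
            # look-alike such as C:\Temp\userinit.exe is still reported.
            if prog and prog.lower() not in allowed:
                findings.append((name, prog))
    return findings


def still_referenced(programs, later_log):
    """Return the programs whose file name still appears in a later log."""
    text = later_log.lower()
    return [p for p in programs if ntpath.basename(p).lower() in text]


# Lines copied from the 3/23/2006 4:59 PM HijackThis log in this thread.
BEFORE = r"""
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ewljb.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,orsnlfi.exe
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKCU\..\Run: [jbgyc] C:\WINDOWS\system32\nnufby.exe reg_run
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Lines copied from the 3/23/2006 9:23 PM follow-up log in this thread.
AFTER = r"""
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    extras = f2_extras(BEFORE)
    for name, prog in extras:
        print(f"{name}: unexpected entry {prog}")
    targets = [prog for _, prog in extras] + [r"C:\WINDOWS\system32\nnufby.exe"]
    print("still referenced after the fix:", still_referenced(targets, AFTER))
```

An empty result from `still_referenced` only shows that the autostart references are gone from the log; it says nothing about whether the files themselves were removed from disk.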

0

Okie, I couldn't find Kazaa, p2p, or even NZ in add/remove, and those files weren't in system.ini

But here's the newest logs:

Logfile of HijackThis v1.99.1
Scan saved at 9:23:43 PM, on 3/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Hijack This\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bestbuy.com/
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.slehc.org/Autodesk/mgaxctrl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP    Current Build: Service Pack 2    Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX!                 3/10/2004 9:11:46 PM        97800218   C:\WINDOWS\Dragon Pink - 01.asf
PEC2                 3/10/2004 9:11:46 PM        97800218   C:\WINDOWS\Dragon Pink - 01.asf

Checking %System% folder...
aspack               3/18/2005 4:19:58 PM        2337488    C:\WINDOWS\SYSTEM32\d3dx9_25.dll
PEC2                 8/4/2004 1:00:00 AM         41397      C:\WINDOWS\SYSTEM32\dfrg.msc
PECompact2           3/9/2006 6:10:36 PM         4799320    C:\WINDOWS\SYSTEM32\MRT.exe
aspack               3/9/2006 6:10:36 PM         4799320    C:\WINDOWS\SYSTEM32\MRT.exe
aspack               8/4/2004 1:00:00 AM         708096     C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor             8/4/2004 1:00:00 AM         657920     C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync              8/4/2004 1:00:00 AM         1309184    C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
                     3/23/2006 9:14:38 PM      S 2048       C:\WINDOWS\bootstat.dat
                     3/23/2006 9:15:42 PM     H  35864      C:\WINDOWS\system32\vsconfig.xml
                     3/23/2006 9:28:02 PM     H  20480      C:\WINDOWS\system32\config\default.LOG
                     3/23/2006 9:14:44 PM     H  1024       C:\WINDOWS\system32\config\SAM.LOG
                     3/23/2006 9:16:18 PM     H  1024       C:\WINDOWS\system32\config\SECURITY.LOG
                     3/23/2006 9:28:02 PM     H  28672      C:\WINDOWS\system32\config\software.LOG
                     3/23/2006 9:16:28 PM     H  1024       C:\WINDOWS\system32\config\system.LOG
                     3/15/2006 3:00:32 AM     H  1024       C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
                     3/22/2006 2:32:46 PM      S 21601      C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\486CC6AFD08942336C61FCD401C4A1D1
                     3/22/2006 2:32:44 PM      S 408        C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\74BFD122C0875EC75DBE5C6DB4C59019
                     3/22/2006 2:32:46 PM      S 120        C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\486CC6AFD08942336C61FCD401C4A1D1
                     3/22/2006 2:32:44 PM      S 124        C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\74BFD122C0875EC75DBE5C6DB4C59019
                     3/19/2006 9:02:22 PM     HS 388        C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\2fd2bd0a-b372-4d01-bf57-ead521f848f1
                     3/19/2006 9:02:22 PM     HS 24         C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
                     3/23/2006 9:14:54 PM     H  6          C:\WINDOWS\Tasks\SA.DAT
                     3/22/2006 5:06:28 PM     HS 113        C:\WINDOWS\Temp\History\History.IE5\desktop.ini
                     3/22/2006 5:06:28 PM     HS 67         C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini

Checking for CPL files...
Microsoft Corporation          8/4/2004 1:00:00 AM         68608      C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp.    5/14/2004 8:26:34 PM        14268928   C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation          8/4/2004 1:00:00 AM         549888     C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         110592     C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         135168     C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         80384      C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         155136     C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation              6/21/2005 3:46:18 PM        94208      C:\WINDOWS\SYSTEM32\igfxcpl.cpl
                               9/28/2005 7:37:44 PM        53248      C:\WINDOWS\SYSTEM32\ImageDrive.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         358400     C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         129536     C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         380416     C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         68608      C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc.         11/10/2005 1:03:50 PM       49265      C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         187904     C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         618496     C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         35840      C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         25600      C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         257024     C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         32768      C:\WINDOWS\SYSTEM32\odbccp32.cpl
Squid Software OÜ              6/11/2005 10:17:54 PM       77312      C:\WINDOWS\SYSTEM32\P2P Networking v126.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         114688     C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         298496     C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         28160      C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         94208      C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation          8/4/2004 1:00:00 AM         148480     C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation          5/26/2005 3:16:30 AM        174360     C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation          5/26/2005 3:16:30 AM        174360     C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Intel Corporation              2/10/2004 6:53:24 PM        94208      C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\igfxcpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
                     9/28/2005 7:23:54 PM        1018       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
                     9/17/2004 1:20:52 PM     HS 84         C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
                     9/28/2005 7:16:26 PM        1762       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
                     9/27/2005 5:32:56 PM        1785       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
                     9/17/2004 8:10:44 AM     HS 62         C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
                     9/17/2004 1:20:52 PM     HS 84         C:\Documents and Settings\Mikey\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
                     9/17/2004 8:10:44 AM     HS 62         C:\Documents and Settings\Mikey\Application Data\desktop.ini
                     3/22/2006 2:47:38 PM        30048      C:\Documents and Settings\Mikey\Application Data\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    sv1  = 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
    {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}   = C:\Program Files\ewido anti-malware\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03}   = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
    {09799AFB-AD67-11d1-ABCD-00C04FC30936}   = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46}   = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
    {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}   = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}   = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
    {5464D816-CF16-4784-B9F3-75C0DB52B499}   = C:\Program Files\Yahoo!\common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
    Start Menu Pin   = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
    {7C9D5882-CB4A-4090-96C8-430BFE8B795B}   = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
    {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}   = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\UnlockerShellExtension
    {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}   = C:\Program Files\Unlocker\UnlockerCOM.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}   = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46}   = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
    {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}   = C:\Program Files\ewido anti-malware\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03}   = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
    {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}   = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}   = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
     = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
     = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
     = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
     = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{CE3A44D8-BC88-4D62-A890-42D96245F8D6}
     = C:\WINDOWS\system32\dmonwv.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
    &Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
    &Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}   = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
    {EF99BD32-C1FB-11D2-892F-0090271D4F88}   = &Yahoo! Companion    : C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    MenuText     = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2499216C-4BA5-11D5-BD9C-000103C116D5}
    ButtonText   = Yahoo! Login : 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
    ButtonText   = Messenger    : 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
    ButtonText   = AIM  : C:\Program Files\AIM\aim.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
    &Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
    File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
    Explorer Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus   : C:\Program Files\Norton AntiVirus\NavShExt.dll
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\system32\browseui.dll
    {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
    {F5735C15-1FB2-41FE-BA12-242757E69DDE} =    : 
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus   : C:\Program Files\Norton AntiVirus\NavShExt.dll
    {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} =    : 
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Companion  : C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    UnlockerAssistant   C:\Program Files\Unlocker\UnlockerAssistant.exe
    SpySweeper  "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    ctfmon.exe  C:\WINDOWS\system32\ctfmon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    
    hkey    HKLM
    command 
    inimapping  0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    hkcmd
    hkey    HKLM
    command C:\WINDOWS\system32\hkcmd.exe
    inimapping  0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    hkcmd
    hkey    HKLM
    command C:\WINDOWS\system32\hkcmd.exe
    inimapping  0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    igfxtray
    hkey    HKLM
    command C:\WINDOWS\system32\igfxtray.exe
    inimapping  0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    igfxtray
    hkey    HKLM
    command C:\WINDOWS\system32\igfxtray.exe
    inimapping  0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KAZAA
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    kazaa
    hkey    HKLM
    command C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
    inimapping  0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    kazaa
    hkey    HKLM
    command C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
    inimapping  0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LDM
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    
    hkey    HKCU
    command \Program\
    inimapping  0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    
    hkey    HKCU
    command \Program\
    inimapping  0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NetZero_uoltray
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    exec
    hkey    HKCU
    command C:\Program Files\NetZero\exec.exe regrun
    inimapping  0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    exec
    hkey    HKCU
    command C:\Program Files\NetZero\exec.exe regrun
    inimapping  0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\P2P Networking
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    P2P Networking
    hkey    HKLM
    command C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
    inimapping  0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    P2P Networking
    hkey    HKLM
    command C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
    inimapping  0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    PDVDServ
    hkey    HKLM
    command "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    inimapping  0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    PDVDServ
    hkey    HKLM
    command "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    inimapping  0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\spc_w
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    nzspc
    hkey    HKCU
    command "C:\Program Files\NZSearch\nzspc.exe" -w
    inimapping  0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    nzspc
    hkey    HKCU
    command "C:\Program Files\NZSearch\nzspc.exe" -w
    inimapping  0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
    system.ini  0
    win.ini 0
    bootini 0
    services    0
    startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
    {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
    {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = 
    {0DF44EAA-FF21-4412-828E-260A8728E7F1} = 


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    dontdisplaylastusername 0
    legalnoticecaption  
    legalnoticetext 
    shutdownwithoutlogon    1
    undockwithoutlogon  1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    NoDriveTypeAutoRun  145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    dspimd  C:\WINDOWS\system32\dspimd.exe


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    PostBootReminder                {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
    CDBurn                          {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
    WebCheck                        {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
    SysTray                         {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit    = C:\WINDOWS\SYSTEM32\Userinit.exe,
    Shell       = explorer.exe
    System      = 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
     = crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
     = cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
     = cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
     = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
     = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
     = sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
     = WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
     = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
     = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
     = WRLogonNTF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
    Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLs    


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 3/23/2006 9:28:05 PM

Also, World of Warcraft (an online MMORPG I play) has ceased to work. I tried to uninstall and reinstall it, but to no avail. Any suggestions?

Oh well, bed and work after this. Thank you again.

Edited by mike_2000_17: Fixed formatting

0

Use Killbox and get the rest of these:

C:\WINDOWS\SYSTEM32\P2P Networking v126.cpl
C:\WINDOWS\system32\dmonwv.dll
C:\Program Files\Kazaa
C:\WINDOWS\system32\P2P Networking
C:\Program Files\NZSearch
C:\WINDOWS\system32\dspimd.exe

Same options as before
-Delete on Reboot and Unregister.dll

Not sure what the problem would be with your game, when did it stop working?

No valid files were removed... if that be the case, reinstalling it should have solved the issue.

0

Okie, I guess you want to see one last go at the HJT?

Logfile of HijackThis v1.99.1
Scan saved at 11:21:55 AM, on 3/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijack This\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bestbuy.com/
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.slehc.org/Autodesk/mgaxctrl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Well, it stopped working after that first time I hit "Fix checked" in HJT, or somewhere around that step. I probably missed a letter and got something else.

0

That last log looks good.

Your game issue would be better served in the Software section. Are you getting any errors or anything?

A complete uninstall thru Add/Remove programs and then a reinstall should really solve the problem though...

0

When I first started the game up, it spat out an error saying "socket not found, forced disconnect"
Then when I reinstalled it, it said there was an important file not found.
I'm gonna try another remove-program, and see what happens.

Comp's running great now, no lags, nice speed, and popups are gone as well. Thanks heaps for the help!

0

Okie, I ran scandisk, defrag, and tried to re-install the game, and nothing.

I called up the game's tech support office, and told them the error code, and was informed that "That error comes up when your firewall is blocking the game", and didn't want to help me figure out how to open up 2 ports to allow it to run.

Any way you can toss over some assistance? I can't see any firewalls running now, but that's the error message...
