Another Hijack this log...

Thread: Another Hijack this log...

  1. #1
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,065

    Question Another Hijack this log...

    Here is my hijack this log, I have some Ideas of which are bad and which aren't, but I thought I would get a second opinion. I am suspicious of all the 1hrr7oyn.dll's but google didn't come up with anything, I will keep trying. And all the logitech protocols are pissing me off. I already tried deleting them but they reappear in the next scan... *sigh* I have been getting pop ups lately and weird redirections claiming that I didn't type the URL correctly, but I know I did. I already did a full scan with Adaware, spybot, Norton, and CWShredder, all updated and both in normal and safe mode.

    Anyway, here it is:


    Logfile of HijackThis v1.97.7
    Scan saved at 10:31:42 PM, on 2/20/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Norton Personal Firewall\NISUM.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\LTMSG.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\hpdll\hpdll.exe
    C:\Program Files\hpdll\tempdl\RAS012505.exe
    C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
    C:\WINDOWS\System32\wexamon.exe
    C:\Program Files\1hrr7oyn\1hrr7oyn.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\AIM\aim.exe
    C:\Documents and Settings\Owner\Application Data\wtta.exe
    C:\WINDOWS\System32\arpa.exe
    C:\WINDOWS\System32\wdiwan.exe
    C:\WINDOWS\System32\sysmonnt.exe
    C:\Program Files\America Online 9.0\aoltray.exe
    C:\WINDOWS\DvzCommon\DvzMsgr.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\BRMFRSMG.EXE
    C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Palm\HOTSYNC.EXE
    C:\Program Files\interMute\SpamSubtract\SpamSub.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Owner\Desktop\computer security\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.msn.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    O2 - BHO: (no name) - {0ADAC788-30EC-4EBC-ADBD-D0FFF17BA1EA} - C:\Program Files\1hrr7oyn\1hrr7oyn.dll
    O2 - BHO: (no name) - {1DA0E960-6302-43F8-BB6A-68D3562067E1} - C:\Program Files\1hrr7oyn\1hrr7oyn.dll
    O2 - BHO: (no name) - {1E54CD0A-7EDA-4EF7-BEE8-8234C2AD1BC3} - C:\Program Files\1hrr7oyn\1hrr7oyn.dll
    O2 - BHO: (no name) - {29EA4C49-6882-4597-903C-65C76AEBD394} - C:\Program Files\1hrr7oyn\1hrr7oyn.dll
    O2 - BHO: (no name) - {482D94CF-438F-4BA8-8546-680FAC89677D} - C:\Program Files\1hrr7oyn\1hrr7oyn.dll
    O2 - BHO: (no name) - {4BB84013-5E41-4E1F-AD5D-9BE2BDF06B8D} - C:\Program Files\1hrr7oyn\1hrr7oyn.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll (file missing)
    O2 - BHO: (no name) - {C1D0FF4C-12A7-3C06-8B2C-39E60E885ACE} - C:\WINDOWS\System32\bypx.dll
    O2 - BHO: (no name) - {C600A58E-3343-44DB-8901-C9F95D8F94A1} - C:\Program Files\1hrr7oyn\1hrr7oyn.dll
    O2 - BHO: (no name) - {CD7E0FD7-E461-461B-8E68-49248AFC10E1} - C:\Program Files\1hrr7oyn\1hrr7oyn.dll
    O2 - BHO: (no name) - {D05DAA9E-6D44-4E53-B977-3BDDC744FA1A} - C:\Program Files\1hrr7oyn\1hrr7oyn.dll
    O2 - BHO: (no name) - {E749AD73-834A-4F62-9FF4-79917A751F47} - C:\Program Files\1hrr7oyn\1hrr7oyn.dll
    O2 - BHO: (no name) - {E9F7D4B0-817D-4D4F-8319-4E5E62633FCC} - C:\Program Files\1hrr7oyn\1hrr7oyn.dll
    O2 - BHO: (no name) - {F949616E-6184-4161-A9EF-82AD16830E17} - C:\Program Files\1hrr7oyn\1hrr7oyn.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [hueeqq] c:\windows\system32\hueeqq.exe
    O4 - HKLM\..\Run: [tmoowc] C:\WINDOWS\System32\tmoowc.exe
    O4 - HKLM\..\Run: [HPNT] C:\Program Files\hpdll\hpdll.exe
    O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
    O4 - HKLM\..\Run: [Visual Element Fx] C:\Program Files\hpdll\tempdl\RAS012505.exe
    O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
    O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
    O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
    O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [r7mh3pi] wexamon.exe
    O4 - HKLM\..\Run: [1hrr7oyn] C:\Program Files\1hrr7oyn\1hrr7oyn.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\wtta.exe
    O4 - HKCU\..\Run: [Isg] C:\WINDOWS\System32\arpa.exe
    O4 - HKCU\..\Run: [aw5nRfGEU] wdiwan.exe
    O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
    O4 - Startup: Organize.lnk = ?
    O4 - Startup: PowerReg SchedulerV2.exe
    O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Norton Personal Firewall.lnk = C:\Program Files\Norton Personal Firewall\nisfirst.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: SmartUI.lnk = ?
    O4 - Global Startup: Timed Backups Manager Startup.lnk = C:\Program Files\Backup Plus\BackTime.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: AIM (HKLM)
    O10 - Broken Internet access because of LSP provider 'spsublsp.dll' missing
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/yinst/yinst_current.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.18.69.102/activex/AxisCamControl.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
    O18 - Protocol: bwh0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
    O18 - Protocol: offline-8876480 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    I am the uber duck!!1
    Proxy Tools

  2. #2
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,053
    remove

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa

    all the ones with this- C:\Program Files\1hrr7oyn\1hrr7oyn.dll

    O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll (file missing)

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot - isn't bad but is useless

    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe -useless also


    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

    O4 - HKLM\..\Run: [hueeqq] c:\windows\system32\hueeqq.exe

    O4 - HKLM\..\Run: [tmoowc] C:\WINDOWS\System32\tmoowc.exe

    O4 - HKLM\..\Run: [HPNT] C:\Program Files\hpdll\hpdll.exe

    O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe

    O4 - HKLM\..\Run: [Visual Element Fx] C:\Program Files\hpdll\tempdl\RAS012505.exe

    O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe

    O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe

    O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe

    O4 - HKLM\..\Run: [r7mh3pi] wexamon.exe

    O4 - HKLM\..\Run: [1hrr7oyn] C:\Program Files\1hrr7oyn\1hrr7oyn.exe


    O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\wtta.exe

    O4 - HKCU\..\Run: [Isg] C:\WINDOWS\System32\arpa.exe

    O4 - Startup: Organize.lnk = ? -useless

    O4 - Startup: PowerReg SchedulerV2.exe -useless

    O4 - HKCU\..\Run: [aw5nRfGEU] wdiwan.exe

    O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt

    O10 - Broken Internet access because of LSP provider 'spsublsp.dll' missing you might need lsp fix to get rid of that one

    all the ones with - BWPlugProtocol-8876480.dll it must be messing you up, it's in there 1000 times

    and

    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

  3. #3
    Junior Member
    Join Date
    Feb 2005
    Posts
    23

    hrm

    Yeah, I'm always a little etchy when I run hijack this, do you have any advice on what to look for?

  4. #4
    Senior Member
    Join Date
    Jan 2004
    Posts
    124
    For all of those who want to learn what to remove with HijackThis:
    1. If you have an "out-of-box" install of Windows, or access to one, run HijackThis so you can see what M$ installs, and what the defaults are.
    2. If you don't have access to a fresh installation, and probably don't have time for formatting your HDD (I know I would never do that if I really REALLY don't have to), try to clean it as much as possible using advice from someone who really knows what he is doing. Of course, you can always google for abc.exe or abc.dll to learn what file is for what.
    3. Now that you have a starting point, or at least something close to it, whenever you are about to install something new, run HijackThis before (don't forget to compare it with your last scan, you never know if something sneaked in) and after installation. Now you learn what that installation drops in. Of course, never take it for granted that all of this new stuff is really necessary to be started. Use google again, and the experience of others, to see if you can live without all the new features.

    You could experiment on your own to remove some of the new stuff, but DO NOT do that if you really don't know what you are doing. And even if you are certain that you should remove something, use the backup feature of HijackThis just in case you remove something crucial.

    One more thing. If you really want to get rid of the spyware/malware/virus/trojan etc., run your scans in safe mode. Reminder for all the people that still don't know how to enter safe mode: on all Windows platforms you have to tap F8 during the boot sequence and select "safe mode" from the list that pops up. Also, if you are removing spyware/malware/virus/trojan etc. on Win ME, 2k or XP, don't forget to turn off the SystemRestore feature, or you could by mistake return what you have cleaned.

    All of the above is from my personal experience, and don't take it for granted
    Ikalo
    ------
    Make your knowledge your deadliest weapon.
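
The before/after comparison Ikalo describes, together with the pattern in the first post's log of many BHO CLSIDs pointing at one DLL, as an added example that is not part of the thread or of HijackThis itself. The function names are hypothetical, the baseline log is constructed, and the current log is a short excerpt built from lines in the first post.

```python
import re
from collections import defaultdict

# Entry lines start with a section code (R0, O2, O4, O18, ...) then " - ".
# Header lines and the "Running processes" paths do not match.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")
# O2 body: "BHO: <name> - {CLSID} - <path>[ (file missing)]"
BHO_RE = re.compile(
    r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+?)( \(file missing\))?$"
)


def parse_entries(log_text):
    """Return {section code: set of entry bodies} for one HijackThis log."""
    sections = defaultdict(set)
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            sections[m.group(1)].add(m.group(2))
    return dict(sections)


def diff_logs(baseline_text, current_text):
    """Return (added, removed): sorted (code, entry) pairs between two scans."""
    old, new = parse_entries(baseline_text), parse_entries(current_text)
    added, removed = [], []
    for code in set(old) | set(new):
        before, after = old.get(code, set()), new.get(code, set())
        added += [(code, e) for e in after - before]
        removed += [(code, e) for e in before - after]
    return sorted(added), sorted(removed)


def shared_bho_files(log_text, min_clsids=2):
    """Return {dll path (lower-cased): sorted CLSIDs} for DLLs registered as a
    Browser Helper Object under at least min_clsids different CLSIDs."""
    by_file = defaultdict(set)
    for entry in parse_entries(log_text).get("O2", ()):
        m = BHO_RE.match(entry)
        if m:
            by_file[m.group(3).lower()].add(m.group(2).upper())
    return {p: sorted(c) for p, c in by_file.items() if len(c) >= min_clsids}


# Constructed baseline: what an earlier, cleaner scan might have looked like.
BASELINE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
"""

# Excerpt assembled from lines in the first post's log (not the full log).
CURRENT_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\1hrr7oyn\1hrr7oyn.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.com
O2 - BHO: (no name) - {0ADAC788-30EC-4EBC-ADBD-D0FFF17BA1EA} - C:\Program Files\1hrr7oyn\1hrr7oyn.dll
O2 - BHO: (no name) - {1DA0E960-6302-43F8-BB6A-68D3562067E1} - C:\Program Files\1hrr7oyn\1hrr7oyn.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll (file missing)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [1hrr7oyn] C:\Program Files\1hrr7oyn\1hrr7oyn.exe
"""

if __name__ == "__main__":
    added, removed = diff_logs(BASELINE_LOG, CURRENT_LOG)
    for code, entry in added:
        print(f"+ {code} - {entry}")
    for code, entry in removed:
        print(f"- {code} - {entry}")
    for path, clsids in shared_bho_files(CURRENT_LOG).items():
        print(f"{len(clsids)} BHO CLSIDs share {path}")
```

Entries are compared as exact strings, so a changed command-line argument shows up as one removed and one added line, which is what a reviewer wants to see.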

  5. #5
    Senior Member
    Join Date
    Feb 2004
    Posts
    202
    Wow. You have a nice collection of "ick" (yes,that's a technical term :P ) there.

    It's possible that you have a really nasty new infection that infects all instances of explorer.exe. You have the signs of it installing. Disconnect this pc from the 'net before it completely installs. Use another for anything you need 'net access for.

    Here's what you need to do:

    The current version of HijackThis is 1.99.1. If you don't have that you can get it free at http://www.bleepingcomputer.com/files/hijackthis.php

    Please go to Add/Remove programs and uninstall the following:

    VBouncer
    isrvs
    1hrr7oyn
    hpdll


    Please boot into safe mode and select the following with HijackThis. With all windows (including this one!) closed, please select "fix".

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    O2 - BHO: (no name) - {0ADAC788-30EC-4EBC-ADBD-D0FFF17BA1EA} - C:\Program Files\1hrr7oyn\1hrr7oyn.dll
    O2 - BHO: (no name) - {1DA0E960-6302-43F8-BB6A-68D3562067E1} - C:\Program Files\1hrr7oyn\1hrr7oyn.dll
    O2 - BHO: (no name) - {1E54CD0A-7EDA-4EF7-BEE8-8234C2AD1BC3} - C:\Program Files\1hrr7oyn\1hrr7oyn.dll
    O2 - BHO: (no name) - {29EA4C49-6882-4597-903C-65C76AEBD394} - C:\Program Files\1hrr7oyn\1hrr7oyn.dll
    O2 - BHO: (no name) - {482D94CF-438F-4BA8-8546-680FAC89677D} - C:\Program Files\1hrr7oyn\1hrr7oyn.dll
    O2 - BHO: (no name) - {4BB84013-5E41-4E1F-AD5D-9BE2BDF06B8D} - C:\Program Files\1hrr7oyn\1hrr7oyn.dll
    O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll (file missing)
    O2 - BHO: (no name) - {C1D0FF4C-12A7-3C06-8B2C-39E60E885ACE} - C:\WINDOWS\System32\bypx.dll
    O2 - BHO: (no name) - {C600A58E-3343-44DB-8901-C9F95D8F94A1} - C:\Program Files\1hrr7oyn\1hrr7oyn.dll
    O2 - BHO: (no name) - {CD7E0FD7-E461-461B-8E68-49248AFC10E1} - C:\Program Files\1hrr7oyn\1hrr7oyn.dll
    O2 - BHO: (no name) - {D05DAA9E-6D44-4E53-B977-3BDDC744FA1A} - C:\Program Files\1hrr7oyn\1hrr7oyn.dll
    O2 - BHO: (no name) - {E749AD73-834A-4F62-9FF4-79917A751F47} - C:\Program Files\1hrr7oyn\1hrr7oyn.dll
    O2 - BHO: (no name) - {E9F7D4B0-817D-4D4F-8319-4E5E62633FCC} - C:\Program Files\1hrr7oyn\1hrr7oyn.dll
    O2 - BHO: (no name) - {F949616E-6184-4161-A9EF-82AD16830E17} - C:\Program Files\1hrr7oyn\1hrr7oyn.dll
    O4 - HKLM\..\Run: [hueeqq] c:\windows\system32\hueeqq.exe
    O4 - HKLM\..\Run: [tmoowc] C:\WINDOWS\System32\tmoowc.exe
    O4 - HKLM\..\Run: [HPNT] C:\Program Files\hpdll\hpdll.exe
    O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
    O4 - HKLM\..\Run: [Visual Element Fx] C:\Program Files\hpdll\tempdl\RAS012505.exe
    O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
    O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
    O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
    O4 - HKLM\..\Run: [r7mh3pi] wexamon.exe
    O4 - HKLM\..\Run: [1hrr7oyn] C:\Program Files\1hrr7oyn\1hrr7oyn.exe
    O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\wtta.exe
    O4 - HKCU\..\Run: [Isg] C:\WINDOWS\System32\arpa.exe
    O4 - HKCU\..\Run: [aw5nRfGEU] wdiwan.exe
    O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.18.69.102/activex/AxisCamControl.cab



    Then, while still in safe mode, find and delete the following:

    C:\ wdiwan.exe
    C:\WINDOWS\System32\arpa.exe
    C:\Documents and Settings\Owner\Application Data\wtta.exe
    C:\Program Files\1hrr7oyn\ <<FOLDER
    wexamon.exe
    C:\WINDOWS\isrvs\ <<FOLDER
    C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
    C:\PROGRA~1\VBouncer <<FOLDER
    C:\Program Files\hpdll\ <<FOLDER
    C:\WINDOWS\System32\tmoowc.exe
    c:\windows\system32\hueeqq.exe




    Then reboot and post a fresh HijackThis log.



    edit: This from oofki:

    O10 - Broken Internet access because of LSP provider 'spsublsp.dll' missing you might need lsp fix to get rid of that one

    all the ones with - BWPlugProtocol-8876480.dll it must be messing you up, it's in there 1000 times

    and

    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
    Leave these alone!! There is nothing wrong with any of these entries.

  6. #6
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,065
    Meeeee, ah, just the man/woman I wanted to hear from. I was waiting for YOUR response because I don't generally trust other people with my hijack this logs, no offense oofki, thanks for your help, but due to meee's edit, you can see why.

    Yes meeeeee, you are correct, I do have a nice collection of "ick" lol, this is what happens to your mom's computer when you leave it unwatched for a month, she jacked it up by opening and sending weird stuff back and forth with her friends (she thinks she's still in high school).

    Anyway, thanks for the help, I will follow your instructions right... now!!

    (edited due to an informative pm )
    I am the uber duck!!1
    Proxy Tools

  7. #7
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    because I don't generally trust other people with my hijack this logs
    Should Groovicus and some others here take that as an insult?
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  8. #8
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,065
    No, I know Groovicus knows his hijack this crap, I would listen to him and a few others...
    I am the uber duck!!1
    Proxy Tools

  9. #9
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,065
    Ok, the last log that I showed you was outdated, something like 1.97, or something...

    I downloaded the newest version and still followed your instructions. Here is the new log made by the newest version of hijack this with the things you told me to take out taken out:



    Logfile of HijackThis v1.99.1
    Scan saved at 5:55:34 PM, on 2/21/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Norton Personal Firewall\NISUM.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\WINDOWS\LTMSG.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\wmd4svc.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\America Online 9.0\aoltray.exe
    C:\WINDOWS\DvzCommon\DvzMsgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    C:\Program Files\Palm\HOTSYNC.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\interMute\SpamSubtract\SpamSub.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\BRMFRSMG.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Owner\Desktop\computer security\HijackThis2\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.msn.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [r7mh3pi] wmd4svc.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
    O4 - Startup: Organize.lnk = ?
    O4 - Startup: PowerReg SchedulerV2.exe
    O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Norton Personal Firewall.lnk = C:\Program Files\Norton Personal Firewall\nisfirst.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: SmartUI.lnk = ?
    O4 - Global Startup: Timed Backups Manager Startup.lnk = C:\Program Files\Backup Plus\BackTime.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
    O18 - Protocol: bw+0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {AD6AC7F2-1B82-43C0-8FBD-5CFDE1A47508} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



    Thank you for all your help meeee!
    I am the uber duck!!1
    Proxy Tools

  10. #10
    Senior Member
    Join Date
    Feb 2004
    Posts
    202
    Glad to help.

    Just one more left to kill:

    O4 - HKLM\..\Run: [r7mh3pi] wmd4svc.exe

    Fix the line with HijackThis and then find and kill the file. You may need to show hidden files to do this.

    I would recommend fixing the following so they don't run at start-up. (Don't delete these files!) They can still be accessed through Start>Programs. They're just slowing things down as is.

    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - Startup: PowerReg SchedulerV2.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe


    In addition there are probably others that you can opt not to have running at boot. Here are a few references so you can check them for yourself & make an informed decision:

    http://www.answersthatwork.com/Taskl...s/tasklist.htm
    http://computercops.biz/modules.php?name=StartupList


    Post back a fresh log. I want to make sure that file above ( wmd4svc.exe) didn't regenerate.
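
The re-check requested in the last post, sketched as an added example that is not part of the thread: it parses a HijackThis log into running processes and numbered entries, confirms the fixed line is gone, and searches the whole fresh log for the file name. The function names, the fresh-log excerpts and the value name `constructed-name` are assumptions made for illustration; the previous-log excerpt uses lines from the log posted above.

```python
import re

ENTRY_RE = re.compile(r"^[A-Z]\d{1,2} - .+$")  # R0/R1/O4/O23... entry lines

def parse_log(text):
    """Return (running_processes, entries) from HijackThis log text."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if ENTRY_RE.match(line):
            in_processes = False
            entries.append(line)
        elif line == "Running processes:":
            in_processes = True
        elif in_processes and line:
            processes.append(line)
    return processes, entries

def find_file(text, filename):
    """Process and entry lines that reference filename (case-insensitive)."""
    pat = re.compile(r"(?<![\w.-])" + re.escape(filename) + r"(?![\w.-])", re.I)
    processes, entries = parse_log(text)
    return [line for line in processes + entries if pat.search(line)]

def normalize(line):
    return " ".join(line.split()).lower()

def recheck(fresh, fixed_entries, filenames):
    """Check a fresh log for fixed lines that came back and for the files behind them."""
    _, entries = parse_log(fresh)
    present = {normalize(e) for e in entries}
    return {
        "still_present": [e for e in fixed_entries if normalize(e) in present],
        "file_hits": {f: find_file(fresh, f) for f in filenames},
    }

def is_clean(report):
    return not report["still_present"] and not any(report["file_hits"].values())

# Line the helper asked to fix, copied from the thread.
FIXED = [r"O4 - HKLM\..\Run: [r7mh3pi] wmd4svc.exe"]

# Excerpt of the log posted in the thread.
PREVIOUS = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wmd4svc.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [r7mh3pi] wmd4svc.exe
"""

# Constructed fresh log: the fix held.
FRESH_CLEAN = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\svchost.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
"""

# Constructed fresh log: the fixed line is gone, but the file is running again
# and is started from a Run value with a different (constructed) name.
FRESH_REGEN = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WMD4SVC.EXE

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [constructed-name] wmd4svc.exe
"""

if __name__ == "__main__":
    for name, log in (("clean", FRESH_CLEAN), ("regenerated", FRESH_REGEN)):
        report = recheck(log, FIXED, ["wmd4svc.exe"])
        print(name, "OK" if is_clean(report) else "NOT CLEAN", report)
```

In the second constructed log the fixed line itself is absent, so only the file-name search over processes and entries shows that the fix did not hold.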

