
Pages Keep Opening...HELP!


Original Message
Name: Gregavi
Date: April 2, 2007 at 10:10:09 Pacific
Subject: Pages Keep Opening...HELP!
OS: XP
CPU/Ram: P 4/1 GB
Model/Manufacturer: Gateway
Comment:

Recently I have been getting these annoying web pages opening on their own whenever I open or change pages. (Example: Paid Survey Unlimited) It happens in IE and Firefox. I have a HijackThis log but am not sure what to make of it. I can post the HJT log file if necessary. Any help is appreciated.



Response Number 1
Name: jabuck
Date: April 2, 2007 at 14:43:50 Pacific
Subject: Pages Keep Opening...HELP!

Please post your Hijack This log.

Please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop.

!!!! Only run option #1, as running the other options on an uninfected computer will damage the desktop.!!!!


Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.



Response Number 2
Name: Gregavi
Date: April 2, 2007 at 17:36:24 Pacific
Subject: Pages Keep Opening...HELP!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:35:53 PM, on 4/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\StartupMonitor.exe
D:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
D:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
D:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe
D:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
D:\Program Files\SlimServer\server\slim.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\PROGRA~1\MI1933~1\Office\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\WinAce\WinAce.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {26A9869C-4AA3-45BC-87B4-200EBDC93BAD} - \
O2 - BHO: (no name) - {2EC29A0E-46E9-443B-9DED-571DBB73B93C} - \
O2 - BHO: (no name) - {372B6619-9BB4-449D-8554-296EB6E58610} - \
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: (no name) - {492D4EC4-9647-40B9-B64F-3EE1D308DDB0} - \
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {5A109F48-1FF4-429D-9D3F-340D87C62F7B} - \
O2 - BHO: (no name) - {6BDE1532-8F66-4708-89D3-8EDEB921D510} - \
O2 - BHO: (no name) - {6D0347A0-F12F-4C25-90EC-29338ACAB058} - \
O2 - BHO: (no name) - {9E6BD375-2613-4701-8C20-B8CBE080A428} - \
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: 0 - {AAF61EE9-B4CF-45D3-05BB-867BF2CC5059} - C:\Program Files\Online Services\qufa.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {CE62F9B3-71BC-43E2-A0AF-DAE57AC1F1C0} - C:\Program Files\WindowsUpdate\mesozile.dll
O2 - BHO: (no name) - {D18B04FE-3B4C-4E43-B5A7-EDF7ABC86CCF} - \
O2 - BHO: (no name) - {E8F83811-D66D-4AEB-A4E9-3A7C2357F68A} - \
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [AcctMgr] D:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [cctray] "d:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "d:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Search on TER - file:///C:\Program Files\Search On TER/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/as...
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/as...
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/1501...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Lin...
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnli...
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/as...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/res...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - http://pointa.autodesk.com/portal/l...
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) -
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/...
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) -
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - http://pointa.autodesk.com/portal/l...
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/as...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/1502...
O18 - Protocol: bw+0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\Browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\Browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: GhostStartService - Unknown owner - E:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SlimServer (slimsvc) - Unknown owner - D:\Program Files\SlimServer\server\slim.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Unknown owner - D:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 24392 bytes



Response Number 3
Name: Gregavi
Date: April 2, 2007 at 17:37:30 Pacific
Subject: Pages Keep Opening...HELP!

SmitFraudFix v2.162

Scan done at 17:32:25.64, Mon 04/02/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\StartupMonitor.exe
D:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
D:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
D:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe
D:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
D:\Program Files\SlimServer\server\slim.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\PROGRA~1\MI1933~1\Office\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\WinAce\WinAce.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 68.6.16.245
DNS Server Search Order: 68.6.16.30
DNS Server Search Order: 68.2.16.30

HKLM\SYSTEM\CCS\Services\Tcpip\..\{FBDE3588-200E-40BE-9002-7C2263F060FA}: DhcpNameServer=68.6.16.245 68.6.16.30 68.2.16.30
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FBDE3588-200E-40BE-9002-7C2263F060FA}: DhcpNameServer=68.6.16.245 68.6.16.30 68.2.16.30
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FBDE3588-200E-40BE-9002-7C2263F060FA}: DhcpNameServer=68.6.16.245 68.6.16.30 68.2.16.30
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.6.16.245 68.6.16.30 68.2.16.30
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.6.16.245 68.6.16.30 68.2.16.30
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.6.16.245 68.6.16.30 68.2.16.30


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End




Response Number 4
Name: jabuck
Date: April 2, 2007 at 19:47:47 Pacific
Subject: Pages Keep Opening...HELP!

Looks as though you have three antivirus programs running, which is not a good idea as they will conflict, causing major problems. You need to decide which one you want to keep and uninstall the others.

Looks like Norton's is partially uninstalled. If you choose to remove it, you should run this uninstaller: Nortons Uninstaller

The others should uninstall from Add/Remove Programs.

Run Hijack This, close all windows and browsers except Hijack This, place a check to the left of the following items and press "fix checked"

O2 - BHO: (no name) - {26A9869C-4AA3-45BC-87B4-200EBDC93BAD} - \

O2 - BHO: (no name) - {2EC29A0E-46E9-443B-9DED-571DBB73B93C} - \

O2 - BHO: (no name) - {372B6619-9BB4-449D-8554-296EB6E58610} - \

O2 - BHO: (no name) - {492D4EC4-9647-40B9-B64F-3EE1D308DDB0} - \

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)


O2 - BHO: (no name) - {5A109F48-1FF4-429D-9D3F-340D87C62F7B} - \

O2 - BHO: (no name) - {6BDE1532-8F66-4708-89D3-8EDEB921D510} - \

O2 - BHO: (no name) - {6D0347A0-F12F-4C25-90EC-29338ACAB058} - \

O2 - BHO: (no name) - {9E6BD375-2613-4701-8C20-B8CBE080A428} - \

O2 - BHO: 0 - {AAF61EE9-B4CF-45D3-05BB-867BF2CC5059} - C:\Program Files\Online Services\qufa.dll

O2 - BHO: (no name) - {CE62F9B3-71BC-43E2-A0AF-DAE57AC1F1C0} - C:\Program Files\WindowsUpdate\mesozile.dll

O2 - BHO: (no name) - {D18B04FE-3B4C-4E43-B5A7-EDF7ABC86CCF} - \

O2 - BHO: (no name) - {E8F83811-D66D-4AEB-A4E9-3A7C2357F68A} - \

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Exit Hijack This

Go to this link, http://www.virustotal.com/en/indexf.html and use the "browse" button to locate these files:

C:\Program Files\Online Services\qufa.dll

C:\Program Files\WindowsUpdate\mesozile.dll

Then double click the first file to enter it into the "upload and scan" box, click send, then post the results. Continue until you have checked all the files. You may have to scroll to the right to see the "send" button.

Rename hijackthis.exe, as that sometimes helps locate the baddies. Go to start> search> files and folders> type in the top space "hijackthis.exe" without the quotes> click search> when it is found in the right pane (looks like a pile of dynamite)> right click on it> click rename> rename it "show.exe" without the quotes> click a blank space on the screen.

Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the log it produces and a new Hijack This log.


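To make the triage jabuck describes above mechanical, here is an added example in Python, written for this edit and not code from the thread, from HijackThis, or from ComboFix: it parses the O2/O3/O9 lines of a HijackThis log and sorts each browser add-on into one of three buckets. The verdict rules are my heuristic, not a HijackThis rule: an entry whose path is "(no file)" or a bare backslash is an orphan registration that can be fixed without losing a real component, and a DLL that is actually on disk but carries no display name is submitted to a multi-engine scanner before anything is deleted. The sample lines are constructed from the logs posted in this thread, plus one O4 line to show that other sections are skipped.

```python
"""Triage of HijackThis O2/O3/O9 entries (added example, not part of the thread)."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: lines copied from the HijackThis logs posted in this
# thread, plus one O4 line to show that unrelated sections are ignored.
SAMPLE_LINES = [
    "O2 - BHO: (no name) - {26A9869C-4AA3-45BC-87B4-200EBDC93BAD} - \\",
    "O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)",
    "O2 - BHO: 0 - {AAF61EE9-B4CF-45D3-05BB-867BF2CC5059} - C:\\Program Files\\Online Services\\qufa.dll",
    "O2 - BHO: (no name) - {CE62F9B3-71BC-43E2-A0AF-DAE57AC1F1C0} - C:\\Program Files\\WindowsUpdate\\mesozile.dll",
    "O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 6.0\\Acrobat\\ActiveX\\AcroIEHelper.dll",
    "O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)",
    "O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe",
]

# HijackThis prints COM-registered browser add-ons as:
#   <section> - <kind>: <display name> - {CLSID} - <path or "(no file)">
ENTRY_RE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>BHO|Toolbar|Extra button|Extra 'Tools' menuitem): "
    r"(?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)

ORPHAN = "orphan"                    # registration points at nothing: fix in HijackThis
UNNAMED_FILE = "unnamed-with-file"   # a real DLL with no identity: scan before touching
NAMED = "named"                      # ordinary, self-describing add-on


@dataclass
class Entry:
    section: str
    kind: str
    name: str
    clsid: str
    path: str
    verdict: str


def triage(name: str, path: str) -> str:
    """Heuristic verdict (my assumption, not a HijackThis rule)."""
    p = path.strip()
    if p in ("", "\\") or p == "(no file)":
        return ORPHAN
    # "(no name)" or a name with no letters at all (e.g. "0") is a DLL hiding its identity
    if name == "(no name)" or not any(ch.isalpha() for ch in name):
        return UNNAMED_FILE
    return NAMED


def parse_log(text: str) -> List[Entry]:
    """Parse O2/O3/O9 lines of a HijackThis log; other sections are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.rstrip())
        if not m:
            continue
        entries.append(Entry(verdict=triage(m["name"], m["path"]), **m.groupdict()))
    return entries


def files_to_scan(entries: List[Entry]) -> List[str]:
    """Paths worth uploading to a multi-engine scanner such as VirusTotal."""
    return [e.path for e in entries if e.verdict == UNNAMED_FILE]


def fix_candidates(entries: List[Entry]) -> List[str]:
    """CLSIDs of orphan entries that can be checked and fixed without losing a real file."""
    return [e.clsid for e in entries if e.verdict == ORPHAN]


if __name__ == "__main__":
    parsed = parse_log("\n".join(SAMPLE_LINES))
    for e in parsed:
        print(f"{e.section} {e.verdict:18} {e.clsid} {e.path}")
    print("scan first:", files_to_scan(parsed))
    print("fix checked:", fix_candidates(parsed))
```

Run against a full log saved from HijackThis, the script reproduces jabuck's split: the blank-path and "(no file)" BHOs land in the fix list, while qufa.dll and mesozile.dll are set aside to be scanned first, and self-describing add-ons such as the Adobe helper are left alone.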

Response Number 5
Name: lurkswithin
Date: April 3, 2007 at 01:29:07 Pacific
Subject: Pages Keep Opening...HELP!

***************************************


************WARNING*********************

DO NOT USE COMBO FIX

There has been a development and a rootkit has been found attached to it... highly recommended not to use it and to remove/delete any copies of the program from your computers.

In The Matters Of Style,
swim with the current;
in matters of principle,
Stand Like A Rock


"People demand freedom of speech to make up for the
freedom of thought which they avoid."




Response Number 6
Name: Gregavi
Date: April 3, 2007 at 10:34:35 Pacific
Subject: Pages Keep Opening...HELP!

So, jabuck is advising me to use combofix and lurkswithin is advising not to. Which is it?

Thanks



Response Number 7
Name: Gregavi
Date: April 3, 2007 at 12:17:36 Pacific
Subject: Pages Keep Opening...HELP!

"Owner" - 07-04-03 12:11:17 Service Pack 2
ComboFix 07-04-03.5 - Running from: "C:\Documents and Settings\Owner\Desktop"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bund1\temp.txt
C:\WINDOWS\system32\system\msxml4.dll
C:\WINDOWS\system32\system\msxml4r.dll
C:\DOCUME~1\Owner\Desktop\internet.lnk
C:\install.log
C:\WINDOWS\system32\bund1
C:\WINDOWS\system32\system


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_MCHINJDRV


((((((((((((((((((((((((((((((( Files Created from 2007-03-03 to 2007-04-03 ))))))))))))))))))))))))))))))))))


2007-04-03 10:07 <DIR> d-------- C:\WINDOWS\LastGood
2007-04-02 17:32 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-04-02 17:32 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-04-02 17:32 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-04-02 17:32 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-04-02 17:32 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-04-02 17:32 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2007-04-02 09:50 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Sun
2007-04-02 00:00 95,760 --a------ C:\WINDOWS\system32\isafeif.dll
2007-04-02 00:00 75,280 --a------ C:\WINDOWS\system32\vetredir.dll
2007-04-02 00:00 75,280 --a------ C:\WINDOWS\system32\isafprod.dll
2007-04-02 00:00 629,216 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2007-04-02 00:00 32,528 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2007-04-02 00:00 26,640 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2007-04-02 00:00 21,648 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2007-04-02 00:00 21,392 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2007-04-02 00:00 108,544 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2007-04-02 00:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CA
2007-04-01 21:23 767,488 --a------ C:\WINDOWS\system32\WMVSENCD.dll
2007-04-01 21:23 75,280 --a------ C:\WINDOWS\system32\vetredir(4).dll
2007-04-01 21:23 75,280 --a------ C:\WINDOWS\system32\vetredir(3).dll
2007-04-01 21:23 75,280 --a------ C:\WINDOWS\system32\vetredir(2).dll
2007-04-01 21:23 733,696 --a------ C:\WINDOWS\system32\qedwipes.dll
2007-04-01 21:23 656,896 --a------ C:\WINDOWS\system32\WMVXENCD.dll
2007-04-01 21:23 65,536 --a------ C:\WINDOWS\system32\eSellerateControl200.dll
2007-04-01 21:23 64,000 --a------ C:\WINDOWS\system32\E_FBCB9FA.DLL
2007-04-01 21:23 61,440 --a------ C:\WINDOWS\system32\ldamfilt.dll
2007-04-01 21:23 498,742 --a------ C:\WINDOWS\system32\dxmasf.dll
2007-04-01 21:23 48,640 --a------ C:\WINDOWS\system32\pnrpnsp.dll
2007-04-01 21:23 48,128 --a------ C:\WINDOWS\system32\mshtmler.dll
2007-04-01 21:23 34,304 --a------ C:\WINDOWS\system32\E_FBCH9FA.DLL
2007-04-01 21:23 331,776 --a------ C:\WINDOWS\system32\CTMedEng.DLL
2007-04-01 21:23 139,264 --a------ C:\WINDOWS\system32\hpicon.dll
2007-04-01 21:23 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-04-01 21:23 12,288 --a------ C:\WINDOWS\system32\odbcp32r.dll
2007-04-01 21:23 101,376 --a------ C:\WINDOWS\system32\txflog.dll
2007-04-01 21:19 9,216 --a------ C:\WINDOWS\system32\lprmonui.dll
2007-04-01 21:19 51,200 --a------ C:\WINDOWS\system32\dfrgres.dll
2007-04-01 21:18 <DIR> d-------- C:\WINDOWS\DLLArchive
2007-04-01 19:58 <DIR> d-------- C:\Program Files\AnalogX
2007-04-01 18:58 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-04-01 13:43 93,736 --a------ C:\WINDOWS\VTTC.exe
2007-04-01 12:59 1,944 --a------ C:\WINDOWS\system32\tmp.reg
2007-03-30 13:45 <DIR> d-------- C:\TEMP\tn3
2007-03-27 11:00 45,056 --a------ C:\WINDOWS\wbun.exe
2007-03-27 01:27 72,064 --a------ C:\WINDOWS\system32\drivers\core.sys
2007-03-23 08:53 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Backyard Baseball 2007
2007-03-20 09:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-03-17 15:39 <DIR> d-------- C:\Program Files\Pando Networks
2007-03-17 15:05 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Viewpoint
2007-03-16 09:31 <DIR> d-------- C:\DOCUME~1\Owner\browser - logitech
2007-03-16 09:30 <DIR> d-------- C:\DOCUME~1\Owner\Logitech
2007-03-16 09:29 <DIR> d-------- C:\Program Files\Common Files\Remote Control Software Shared
2007-03-16 09:24 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-03-16 09:24 <DIR> d-------- C:\Program Files\Logitech
2007-03-16 00:21 138 --a------ C:\WINDOWS\UNDEL.BAT
2007-03-15 10:12 <DIR> d-------- C:\Program Files\ItsDeductible2006
2007-03-15 10:08 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\InstallShield
2007-03-14 17:28 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2007-03-14 17:28 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-03-14 17:28 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2007-03-14 17:28 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2007-03-14 17:28 18,688 --a------ C:\WINDOWS\system32\drivers\irsir.sys
2007-03-14 17:28 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2007-03-14 14:37 <DIR> d-------- C:\Program Files\Common Files\EasyInfo
2007-03-11 02:32 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Publish Providers
2007-03-11 02:24 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Sony
2007-03-11 02:22 <DIR> d-------- C:\Program Files\Vstplugins
2007-03-11 02:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony
2007-03-10 22:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-03-10 22:24 65,536 --a------ C:\WINDOWS\system32\a1.dll
2007-03-10 22:24 520,192 --a------ C:\WINDOWS\system32\wscma2u.exe
2007-03-10 22:24 278,528 --a------ C:\WINDOWS\system32\ammpp.dll
2007-03-09 11:19 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-03-09 10:48 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-03-08 16:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\IMSI
2007-03-08 16:28 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\IMSI
2007-03-08 01:22 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-03-08 01:22 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-03-08 01:22 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-03-08 01:22 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-03-08 01:22 <DIR> d-------- C:\Program Files\Winamp
2007-03-07 22:15 <DIR> d-------- C:\Program Files\Nero
2007-03-06 19:42 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Systweak
2007-03-05 08:24 77,000 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-03 10:17 -------- d--h----- C:\Program Files\windowsupdate
2007-04-03 10:17 -------- d-------- C:\Program Files\online services
2007-04-03 09:38 -------- d-------- C:\Program Files\msn encarta plus
2007-04-03 09:38 -------- d-------- C:\Program Files\flac
2007-04-03 09:29 -------- d-------- C:\Program Files\symantec
2007-04-03 09:29 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-03-30 21:23 -------- d-------- C:\Program Files\windows media connect 2
2007-03-30 21:23 -------- d-------- C:\Program Files\movie maker
2007-03-30 21:23 -------- d-------- C:\Program Files\messenger
2007-03-30 21:23 -------- d-------- C:\Program Files\mailfrontier
2007-03-30 21:23 -------- d-------- C:\Program Files\capital flash casino
2007-03-27 11:01 -------- d--h----- C:\Program Files\installshield installation information
2007-03-27 10:54 -------- d-------- C:\Program Files\interactual
2007-03-25 20:04 -------- d-------- C:\DOCUME~1\Owner\APPLIC~1\bittorrent
2007-03-23 16:56 -------- d-------- C:\DOCUME~1\Owner\APPLIC~1\vso
2007-03-22 19:51 -------- d-------- C:\Program Files\itunes
2007-03-22 19:50 -------- d-------- C:\Program Files\ipod
2007-03-16 00:21 -------- d-------- C:\Program Files\intel
2007-03-14 14:09 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-03-13 19:09 -------- d-------- C:\Program Files\bittorrent
2007-03-08 10:30 -------- d-------- C:\Program Files\recordnow
2007-03-08 10:30 -------- d-------- C:\Program Files\powerpoint viewer
2007-03-08 10:29 -------- d-------- C:\Program Files\punch! pro - platinum
2007-03-08 10:29 -------- d-------- C:\Program Files\performancetest
2007-03-08 10:29 -------- d-------- C:\Program Files\mozilla thunderbird
2007-03-02 12:59 53248 --a------ C:\WINDOWS\uni_eh10.exe
2007-02-28 16:05 86016 --a------ C:\WINDOWS\system32\elbycdio.dll
2007-02-28 13:56 15440 --a------ C:\WINDOWS\system32\drivers\ElbyCDIO.sys
2007-02-16 12:59 110592 --a------ C:\TTC.dll
2007-02-15 17:56 11984 --a------ C:\WINDOWS\system32\drivers\RegKill.sys
2007-01-31 15:15 87608 --a------ C:\DOCUME~1\Owner\APPLIC~1\ezpinst.exe
2007-01-31 15:15 7824 --a------ C:\DOCUME~1\Owner\APPLIC~1\pcouffin.cat
2007-01-31 15:15 47360 --a------ C:\DOCUME~1\Owner\APPLIC~1\pcouffin.sys
2007-01-31 15:15 34 --a------ C:\DOCUME~1\Owner\APPLIC~1\pcouffin.log
2007-01-31 15:15 1144 --a------ C:\DOCUME~1\Owner\APPLIC~1\pcouffin.inf
2007-01-16 12:57 0 --a------ C:\Autoexec.bat
2007-01-08 20:01 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-07 10:40 85 ---hs---- C:\DOCUME~1\Owner\APPLIC~1\.zreglib


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\CTStartup]
"CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /play"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Run StartupMonitor"="StartupMonitor.exe"
"cctray"="\"d:\\Program Files\\CA\\CA Internet Security Suite\\cctray\\cctray.exe\""
"QOELOADER"="\"d:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Spam\\QSP-5.0.419.0\\QOELoader.exe\""
"CAVRID"="\"d:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Virus\\CAVRID.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="???
?"
"hkey"="HKCU"
"command"="???
?"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="???
?"
"hkey"="HKCU"
"command"="???
?"
"inimapping"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=""
"NoCDBurning"=dword:00000001
"BackupNoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ C:\Program Files\Online Services\rtene.html

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Owner at 11 37 AM.job
C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Owner at 2 54 PM.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-03 12:14:36
C:\ComboFix-quarantined-files.txt ... 07-04-03 12:14



Response Number 8
Name: Gregavi
Date: April 3, 2007 at 12:22:27 Pacific
Subject: Pages Keep Opening...HELP!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:19:27 PM, on 4/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\StartupMonitor.exe
D:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
D:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe
D:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
D:\Program Files\SlimServer\server\slim.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Documents and Settings\Owner\Desktop\Show.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {96E019DA-BAA8-4473-BA27-07D8C95C8B94} - \
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {DED5F70F-E5EE-4FD3-81FE-C1CEFFC3ED35} - \
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - (no file)
O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [cctray] "d:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "d:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Search on TER - file:///C:\Program Files\Search On TER/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/as...
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/as...
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/1501...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Lin...
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnli...
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/as...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/res...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - http://pointa.autodesk.com/portal/l...
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) -
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/...
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) -
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - http://pointa.autodesk.com/portal/l...
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/as...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/1502...
O18 - Protocol: bw+0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\Browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\Browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SlimServer (slimsvc) - Unknown owner - D:\Program Files\SlimServer\server\slim.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Online Services\rtene.html

--
End of file - 21800 bytes


Response Number 9
Name: jabuck
Date: April 3, 2007 at 14:34:31 Pacific
Subject: Pages Keep Opening...HELP!

Run these files through the virustotal scanner mentioned in response #4 and report the results please.

C:\Program Files\Online Services\qufa.dll

C:\Program Files\WindowsUpdate\mesozile.dll

C:\Program Files\Online Services\rtene.html


Response Number 10
Name: Gregavi
Date: April 3, 2007 at 14:42:41 Pacific
Subject: Pages Keep Opening...HELP!

Only the last one got any results:
Your file "rtene.html" is queued in position: 14. Estimated start time is between 163 and 233 seconds.
The other 2 got:
0 bytes size received
I will post results when it is finished scanning.
Thanks


Response Number 11
Name: Gregavi
Date: April 3, 2007 at 15:01:52 Pacific
Subject: Pages Keep Opening...HELP!

Complete scanning result of "rtene.html", received in VirusTotal at 04.03.2007, 23:43:20 (CET).

No viruses found

I am still getting the pop-up windows


Response Number 12
Name: jabuck
Date: April 3, 2007 at 15:33:14 Pacific
Subject: Pages Keep Opening...HELP!

Go to start> control panel> display> desktop> customize desktop> web> delete all items except "My Current Home Page" unless you put them there; "rtene.html" should be there.

Select the ones you want to delete and then click on the Delete button.

Press the OK button to close this screen.

Press the Apply button and then the OK button to close the Display control panel.

Run Hijack This from normal mode and remove these items:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank (unless you set this)

O2 - BHO: (no name) - {96E019DA-BAA8-4473-BA27-07D8C95C8B94} - \

O2 - BHO: (no name) - {DED5F70F-E5EE-4FD3-81FE-C1CEFFC3ED35} - \

O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')

O8 - Extra context menu item: Search on TER - file:///C:\Program Files\Search On TER/search.html

O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/as...

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/as...

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/as...

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/as...

O24 - Desktop Component 0: (no name) - C:\Program Files\Online Services\rtene.html again, remove if you did not install this

Exit Hijack This

Open notepad (Start Menu > Run > Type notepad and press "ok").

Copy and paste everything into notepad between the x's making regedit4 the top line.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=-

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it Fix.reg, then save it to your desktop.

Double click Fix.reg (or right click and choose Merge) and it will ask if you want to merge the contents into the registry, choose Yes.

Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode

Download and install AVG Anti-Spyware We will need this later in safe mode

Be sure to update AVG Anti-Spyware

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

In Safe Mode, run AVG Anti-Spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.

AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.

Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop). Post the AVG AntiSpyware report and a new Hijack This log please.

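An added example, not code from this thread or from HijackThis: a small Python triage that applies the rules jabuck used on this log (IE start page reset to about:blank, an unnamed BHO with an empty DLL path, a context-menu item that opens a local file:/// page, any O24 desktop component, and duplicated entries) to a constructed sample log assembled from lines that appear in this thread. The section codes and line layout are those of HijackThis 2.0 logs; the rule set itself is only the helper's heuristics, not a complete malware check.

```python
"""Triage a pasted HijackThis log with the rules used in this thread."""
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Every HJT entry starts with a section code (R0..R3, O1..O24), " - ", then a body.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.+)$")


@dataclass(frozen=True)
class Finding:
    section: str
    line: str
    reason: str


def classify(section: str, body: str) -> Optional[str]:
    """Return why an entry is suspicious, or None if none of the rules match."""
    if section == "R0" and "Start Page = about:blank" in body:
        return "IE start page reset to about:blank"
    if section == "O2" and "(no name)" in body and body.rstrip().endswith("- \\"):
        return "unnamed BHO whose DLL path is empty"
    if section == "O8" and "file:///" in body:
        return "context-menu item loads a local HTML file"
    if section == "O24":
        # Active Desktop web components are how rtene.html was being shown.
        return "Active Desktop web component"
    return None


def triage(log_text: str) -> List[Finding]:
    """Scan log text and return the entries the thread's rules would remove."""
    findings: List[Finding] = []
    seen: Set[str] = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list, blank line
        if line in seen:
            findings.append(Finding(m["section"], line, "duplicate entry"))
            continue
        seen.add(line)
        reason = classify(m["section"], m["body"])
        if reason:
            findings.append(Finding(m["section"], line, reason))
    return findings


# Constructed sample: a handful of lines taken from the logs in this thread.
SAMPLE_LOG = "\n".join([
    "Logfile of Trend Micro HijackThis v2.0.0 (BETA)",
    "Running processes:",
    "C:\\WINDOWS\\System32\\smss.exe",
    "",
    "R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank",
    "O2 - BHO: (no name) - {96E019DA-BAA8-4473-BA27-07D8C95C8B94} - \\",
    "O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - "
    "C:\\Program Files\\Adobe\\Acrobat 6.0\\Acrobat\\ActiveX\\AcroIEHelper.dll",
    "O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe",
    "O8 - Extra context menu item: Search on TER - file:///C:\\Program Files\\Search On TER/search.html",
    "O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/as...",
    "O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/as...",
    "O24 - Desktop Component 0: (no name) - C:\\Program Files\\Online Services\\rtene.html",
])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```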

Response Number 13
Name: Gregavi
Date: April 3, 2007 at 21:41:59 Pacific
Subject: Pages Keep Opening...HELP!

I'm still getting the same pop-up windows.
Here are the AVG AntiSpyware report and a new Hijack This log:

AVG Anti-Spyware - Scan Report


+ Created at: 8:19:33 PM 4/3/2007

+ Scan result:

C:\Documents and Settings\Owner\Desktop\backups\backup-20070403-101653-892.dll -> Adware.TTC : Cleaned.
C:\TTC.dll -> Adware.TTC : Cleaned.
C:\WINDOWS\VTTC.exe -> Adware.TTC : Cleaned.
C:\Documents and Settings\Owner\Desktop\backups\backup-20070403-101653-594.dll -> Adware.ZQuest : Cleaned.
:mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\16y9ttd0.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\16y9ttd0.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\16y9ttd0.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\16y9ttd0.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.


::Report end

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:36:47 PM, on 4/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
D:\Program Files\SlimServer\server\slim.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\StartupMonitor.exe
D:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
D:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe
D:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MI1933~1\Office\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\Show.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - (no file)
O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [cctray] "d:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "d:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.419.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "d:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Search on TER - file:///C:\Program Files\Search On TER/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/1501...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Lin...
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnli...
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/as...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/res...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - http://pointa.autodesk.com/portal/l...
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) -
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/...
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) -
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - http://pointa.autodesk.com/portal/l...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/1502...
O18 - Protocol: bw+0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {833C9576-A595-4B7B-A24B-40384843646A} - C:\Program Files\Logite